Download GFI MailEssentials 14 administration and configuration manual

GFI MailEssentials 14
Administration and
Configuration Manual
By GFI Software Ltd.
http://www.gfi.com
Email: [email protected]
Information in this document is subject to change without notice.
Companies, names, and data used in examples herein are fictitious
unless otherwise noted. No part of this document may be reproduced
or transmitted in any form or by any means, electronic or mechanical,
for any purpose, without the express written permission of GFI
Software Ltd.
GFI MailEssentials was developed by GFI Software Ltd. GFI
MailEssentials is copyright of GFI Software Ltd.  1998-2009 GFI
Software Ltd. All rights reserved.
GFI MailEssentials is a registered trademark and GFI Software Ltd.
and the GFI logo are trademarks of GFI Software Ltd. in the Europe,
the United States and other countries.
Version 14 - Last updated: March 27, 2009
ii  0BAbout GFI MailEssentials
Administration and configuration manual
Contents
1
About GFI MailEssentials
1.1
1.2
1.3
1.4
2
Introduction
Route spam to dedicated spam folders
Enable public folder scanning
3
4
6
13
Reviewing spam email
Managing legitimate email
Managing spam
Viewing anti-spam status on dashboard
Generating spam digests
Creating email archives
Spam status and email processing reports
Disabling/Enabling email scanning
13
13
14
14
15
18
24
32
35
Adding additional inbound email domains
Anti-spam filters
Disclaimers
Auto-replies
List servers
35
36
71
74
76
Miscellaneous
5.1
5.2
5.3
5.4
5.5
5.6
5.7
6
3
Customizing GFI MailEssentials
4.1
4.2
4.3
4.4
4.5
5
1
2
2
2
Routine Administration
3.1
3.2
3.3
3.4
3.5
3.6
3.7
3.8
4
Introduction
Using this manual
Licensing
Minimum Requirements & Installation
Recommended post-install actions
2.1
2.2
2.3
3
1
Setting up POP3 and dialup downloading
Email monitoring
Synchronizing configuration data
GFI MailEssentials Configuration Export/Import Tool
Selecting the server from where to download updates
Selecting the SMTP Virtual Server to bind GFI MailEssentials
Remote commands
Troubleshooting & support
6.1
6.2
6.3
6.4
6.5
6.6
6.7
6.8
85
Introduction
User manual
Common issues
Knowledge Base
Common checks
Web Forum
Request technical support
Build notifications
Administration and configuration manual
85
89
92
97
99
100
101
107
107
107
107
110
110
111
111
111
0BAbout GFI MailEssentials  iii
6.9
7
Documentation
111
Appendix 1 – How does spam filtering work?
7.1
7.2
111
Inbound mail filtering
Outbound mail filtering
112
113
8
Appendix 2 – Bayesian Filtering
115
9
Appendix 3 - Installing MSMQ
119
9.1
9.2
9.3
Windows Server 2000
Windows Server 2003
Windows Server 2008
119
120
123
10 Glossary
125
11 Index
129
iv  0BAbout GFI MailEssentials
Administration and configuration manual
1 About GFI MailEssentials
1.1 Introduction
GFI MailEssentials is a server-based anti-spam solution that provides
key corporate email anti-spam features for your mail server. Installed
as an add-on to your mail server, GFI MailEssentials is completely
transparent to users, with no additional user training required.
The key features of this solution are:

Server-based anti-spam - Spam protection is an essential
component of your network’s security strategy. GFI MailEssentials
offers advanced anti-spam filters which include blacklist/whitelist,
Bayesian filtering, keyword checking, and header analysis.

Company-wide disclaimer/footer text - Companies are
responsible for the content of their employees' email messages.
GFI MailEssentials enables the automatic addition of disclaimers
on top or the bottom of an email, together with fields/variables that
personalize the disclaimer according to the recipient.

Email archival to database – Archiving email is not only good
practice but also may be a legal requirement. GFI MailEssentials
provides the facility to archive all inbound and outbound email.

Reporting – GFI Mail Essentials can produce various useful
reports on email usage and anti spam operations.

Personalized auto-replies with tracking number - More than
just an 'out of office' replies, auto-replies enable customers to
know that their email has been received and that their request is
being handled. Assign a unique tracking number to each reply to
give your customers and employees an easy point of reference.

POP3 downloader – Smaller businesses may not have the
necessary facilities to use SMTP based email. GFI MailEssentials
includes a utility that can forward and distribute email from POP3
mailboxes to mailboxes on the mail server.

Email monitoring – Central information stores are typically easier
to manage than distributed information. GFI MailEssentials
enables sending of email copies to a central store of email
communications of a particular person or department.
For more information on how GFI MailEssentials filters emails for
inbound and outbound emails, refer to Appendix 1 – How does spam
filtering work in this manual.
Administration and configuration manual
0BAbout GFI MailEssentials  1
1.2 Using this manual
This user manual is a comprehensive guide that aims to assist
systems administrators in configuring and using GFI MailEssentials in
the best way possible. It builds up on the instructions provided in the
GFI MailEssentials ‘Getting Start Guide’ and describes the
configuration settings that systems administrators must do so to
achieve the best possible results out of the software
This manual contains the following chapters:
Chapter 1
Introduces this manual.
Chapter 2
Provides detailed information on the routine administration
tasks that administrators must perform on a day-to-day
basis.
Chapter 3
Gives detailed information on how customize GFI
MailEssentials. This includes customizing anti-spam filters
and their actions as well as disclaimers and auto replies.
Chapter 4
Provides detailed information on how to perform other
maintenance and setup tasks that fall beyond the scope of
the previous two chapters. These include setting up the
P2E feature, email monitoring and remote commands.
Chapter 5
A troubleshooting and support section where information
on how to solve common problems is given.
Appendices
Gives additional information related to how spam filtering
and Bayesian filtering work and information on MSMQ.
1.3 Licensing
For information on licensing refer to:
http://www.gfi.com/products/gfi-mailessentials/pricing/licensing
1.4 Minimum Requirements & Installation
For information on system requirements and installation refer to the
GFI MailEssentials ‘Getting Started Guide’:
http://www.gfi.com/mes/mes14gsgmanual.pdf
2  0BAbout GFI MailEssentials
Administration and configuration manual
2 Recommended post-install actions
2.1 Introduction
About anti-spam filters
Out of the box, GFI MailEssentials includes a number of specialized
anti-spam filters. Each one of these filters target one or more types of
spam. The filters which ship with GFI MailEssentials are listed below:
Filter
Description
SpamRazer
An anti-spam engine that determines if an
email is spam by using email reputation,
message fingerprinting and content analysis.

Directory
Harvesting
Stops email which is randomly generated
towards a server, mostly addressed to nonexistent users.

PURBL
Blocks emails that contain links in the
message bodies pointing to known phishing
sites or if they contain typical phishing
keywords.

SPF
Stops email which is received from domains
not authorized in SPF records

AutoWhitelist
Addresses to which an email is sent to, are
automatically excluded from being blocked.

Whitelist
A custom list of safe email addresses

Custom
blacklist
A custom list of blocked email users or
domains.

DNS
blacklists
Checks if the email received is from senders
that are listed on a public DNS blacklist of
known spammers.

SURBL
Stops emails which contain links to domains
listed on public Spam URI Blocklists such as
sc.surbl.org

Header
checking
A module which analyses the individual fields
in a header by referencing the SMTP and
MIME fields

Keyword
checking
Spam messages are identified based on
blocked keywords in the email title or body

New
Senders
Emails that have been received from senders
to whom emails have never been sent before.

Bayesian
analysis
An anti-spam technique where a statistical
probability index based on training from users

Administration and configuration manual
Enabled
by Default
1BRecommended post-install actions  3
is used to identify spam.
As listed in the table above, not all anti-spam filters are enabled by
default. This is due to configuration settings which are
network/infrastructure dependent and cannot therefore be preset.
Although key filters like SpamRazer are enabled by default, it is
recommended that after installing GFI MailEssentials, the rest of the
anti-spam filters and filtering mechanisms are reviewed and enabled
accordingly. For more information refer to the Anti-spam filters chapter
starting on page 36 in this manual.
Anti-Spam actions
A number of actions can be triggered by anti-spam filters on detection
of spam email. These actions determine what will happen to email
spam detected and are configurable on a filter by filter basis. Antispam filter actions supported are:

Tag spam email (default)

Move email spam to a central folder

Move email spam to public folders

Moving email spam to junk mail folder

Forward email spam it to a specific email address

Delete spam
The default anti-spam action is ‘Tagging’. During tagging, anti-spam
filters ‘mark’ unauthorized emails as spam by adding the prefix
[SPAM] in the email subject field. Tagged emails are still received by
end-users in their inbox; however, the tag in the subject line allows
users to easily distinguish between legitimate emails and spam. For
more information anti-spam actions refer to the Spam Actions – What
to do with spam email section starting on page 66 in this manual.
2.2 Route spam to dedicated spam folders
By default, email tagged as spam is still directed to the recipient’s
inbox. To filter out spam from the recipients inbox configure GFI
MailEssentials to route emails to dedicated spam folders. You can
setup a different spam folder for every anti-spam filter. This allows you
to categorize email spam and have an insight on which filter blocked
your spam – a function important to identify false positives and tweak
your filters accordingly.
Enable spam email routing to folders
Different anti-spam ‘move to folder’ actions are available depending
on the type of setup you have.
If you are running a Microsoft Exchange 2003/2007 infrastructure the
following move to folder actions can be triggered:

‘Move to subfolder of user’s mailbox’ – This option enables routing
of spam to a set of public folders which are accessible from email
clients.
4  1BRecommended post-install actions
Administration and configuration manual

‘Move to user’s junk mail folder’ – This option routes email to the
junk mail folder. Users can access the junk mail folder to review
spam directly from their email client.
On other infrastructures, user is allowed to route spam emails to a
specific folder on the client/end-user side.
2.2.1 Configuring email routing to folders
1. Launch GFI MailEssentials configuration console by clicking:
Start ► All Programs ►GFI MailEssentials ► GFI MailEssentials
Configuration.
2. From the list of filters in Anti-Spam node, right click on the filter to
be configured e.g. Header Checking and select Properties.
Screenshot 1 - Configuring the action that should be taken
3. Click on the Actions tab to access options for anti-spam filter
actions configuration
4. Select one of the following options:

‘Move to subfolder of user’s mailbox’ – Use this option to route
spam to a folder within the user’s mailbox.

‘Move to user’s junk mail folder’ – Use this option to route all spam
to the user’s default junk mail folder

‘Move to the specified folder’ – Use this option to route emails to a
Administration and configuration manual
1BRecommended post-install actions  5
specific folder on the server
E.g. ‘C:\GFI MailEssentials\DetectedSpam’
5. Click OK to save your configuration.
6. Repeat for all enabled spam filters.
2.3 Enable public folder scanning
Spamming techniques are in continuously evolving and consequently
you might encounter instances when spam still makes it through antispam filters on to the recipient’s inbox. Through public folder
scanning, users can manually classify email as spam and ‘teach’ GFI
MailEssentials spam patterns to classify similar email as spam.
Public folder scanning enables GFI MailEssentials to retrieve emails
from public folders to add to whitelist/blacklist and HAM/SPAM
databases. On systems running Microsoft Exchange server or Lotus
Domino, public folders are created automatically on completion of the
configuration process.
To enable public folders scanning follow the instructions listed in the
sections below.
2.3.1 Public folder scanning setup for Microsoft Exchange servers
1. From the GFI MailEssentials configuration console right click the
Anti-spam node and select Properties.
6  1BRecommended post-install actions
Administration and configuration manual
Screenshot 2 - Configuring Public folder scanning
2. Select Public Folder Scanning tab, and click on Enable Public
Folder Scanning checkbox.
3. From the Poll public folders via list select the method GFI
MailEssentials uses to retrieve emails from public folders.

For Exchange Server 2000/2003 – Select MAPI, IMAP or
WebDAV.

For Exchange Server 2007 – Choose WebDAV.
Available options are:

MAPI: To use MAPI, GFI MailEssentials must be installed on the
machine on which Microsoft Exchange Server is installed. No
other settings are required.

IMAP Requires Microsoft Exchange IMAP service. IMAP enables
remote scanning of public folders and works well in environments
running firewalls. In addition, IMAP can be used with other Mail
servers that support IMAP. Parameters required are:
o
Mail server name
o
Port number (default IMAP port is 143)
o
Username/password
o
Select the Use SSL option to use a secure connection
Administration and configuration manual
1BRecommended post-install actions  7
NOTE: MAPI and IMAP cannot be used to poll emails from
Microsoft Exchange Server 2007 public folders.

WebDAV - Specify Mail server name, port (default WebDAV port
is 80), username/password and domain. To use a secure
connection select the Use SSL checkbox. By default, public
folders are accessible under the ‘public’ virtual directory. If this has
been changed to something else, specify the correct virtual
directory name to access the public folders by editing the text in
the URL box.
Screenshot 3 – Public folder scanning test succeeded
4. Click Scan Now to automatically create Public folders.
5. Click Test if you are setting up IMAP or WebDAV. On screen
notification will confirm success/failure. If the test fails, verify/update
credentials and re-test.
2.3.2 Configure a dedicated user account for Exchange Server 2000/3
When GFI MailEssentials is installed in a DMZ, it is highly
recommended that for security reasons a dedicated user account is
created to retrieve/scan email from public folders. Users will have
access to the GFI AntiSpam folders.
1. Create a new Active Directory (AD) user with power user privileges.
2. From the Microsoft Exchange System Manager, expand Folders ►
Public Folders node.
3. Right click GFI AntiSpam Folders public folder and select
Properties.
4. Click Permissions tab and select Client permissions.
8  1BRecommended post-install actions
Administration and configuration manual
Screenshot 4 - Setting user role
5. Click Add…, select new user, and click OK.
6. Select new user from the client permissions list and from provided
list set its role to ‘Owner’. Ensure that all checkboxes are selected and
the radio buttons are set to All.
7. Click OK to finalize your configuration.
8. From the Microsoft Exchange System Manager right click GFI
AntiSpam Folders and select All tasks ► Propagate settings.
NOTE: For Microsoft Exchange Server 2003 SP2, select click GFI
AntiSpam Folders and select All tasks ► Manage Settings option.
9. Select the Folder rights or Modify client permissions option and
click OK or Next.
10. Specify the credentials of power user account created in step 1
and test the setup to ensure the permissions are correct.
2.3.3 Configure a dedicated user account for Exchange Server 2007
When configuring a dedicated user account to retrieve the emails from
the GFI AntiSpam Public folders, the user would need to have ‘owner’
access rights on the GFI AntiSpam Public Folders.
1. Create a new Active Directory (AD) (power)user.
2. Logon to the Microsoft Exchange Server using administrative
privileges.
3. Open ‘Microsoft Exchange Management Shell’ and key in following
command:
Get-PublicFolder -Identity "\GFI AntiSpam Folders" -Recurse |
ForEach-Object
{Add-PublicFolderClientPermission
-Identity
$_.Identity
–User
"USERNAME"
–AccessRights
owner
–Server
"SERVERNAME"}
4. Change “USERNAME” and “SERVERNAME” to the relevant details
of the Active Directory user in question.
Administration and configuration manual
1BRecommended post-install actions  9

Example:
Get-PublicFolder -Identity "\GFI AntiSpam Folders" -Recurse
| ForEach-Object {Add-PublicFolderClientPermission -Identity
$_.Identity –User "mesuser" –AccessRights owner –Server
"exch07"}
2.3.4 Hiding user posts in GFI AntiSpam Folders
For privacy and security purposes, it is highly recommended that you
hide user posts made on GFI AntiSpam folders. This way, users will
only be able to post to the folders without viewing existing posts (not
even the ones they posted themselves). To configure user privileges
and hide posts for unauthorized users do as follows:
1. From the Microsoft Exchange System Manager expand Folders ►
Public Folders node.
2. Right click GFI AntiSpam Folders public folder and select
Properties.
3. Select the Permissions tab and click Client permissions.
4. Click Add…, and select the user/group to hide the posts from and
click OK.
5. Select user/group configured earlier to the client permissions list
and set its role to Contributor.
6. Ensure that only the Create items checkbox is selected and the
radio buttons are set to None.
7. Click OK to finalize your configuration.
8. From the Microsoft Exchange System Manager right click GFI
AntiSpam Folders and select All tasks ► Propagate settings.
9. Select Folder rights checkbox and click OK.
2.3.5 Public folder scanning setup for Lotus Domino servers
Step 1: Create a new database which used to store GFI
MailEssentials Public folders.
1. From the IBM Domino Administrator, click on File ► Database ►
New.
2. Key in the following details for the new database:

Server: <Your Domino Server details>

Title: Public-Folder

File name: Public-F.nsf

Select ‘Mail (R7)’ as the template for the new Database
3. Click OK to create the database.
Step 2: Convert the database format of the newly created
database.
1. From the Lotus Domino server Console, run the following
command:
Load Convert –e –h <Database Filename>

Example:
Load Convert –e –h Public-F.nsf
10  1BRecommended post-install actions
Administration and configuration manual
Step 3: Create a new Mail-In database:
A new mailbox needs to be created in order to store the new GFI
MailEssentials Public Folder.
1. From the IBM Domino Administrator, select People & groups tab
and click on Mail-In Databases and Resources.
2. Click Add Mail-In Database and key in the New Mail-In Database
as follows:

Mail-in name: Public Folders

Description: The GFI MailEssentials Mailbox

Internet address: <public@<yourdomain.com>

Internet Message: ‘No Preference’

Encrypt incoming mail: ‘No’

Domain: <yourdomain>

Server: <Your Domino server name>

File name: ‘Public-F.nsf’
NOTE: You will need to associate a user with the Mail-In-database
created above. This account will be used by the GFI MailEssentials
server to connect to the Lotus Domino Server.
Step 4: Configure GFI MailEssentials
Define the shared namespace which will be used when connecting to
the Lotus Domino IMAP service:
1. Click Start ► Run and type Regedit.
2. Locate the following Registry Key:
<HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME14\Attendant\rpfolders
:8\>
3. Create the following Keys:
 Name: ‘FolderDelimiter’
 Name: ‘SharedNamespace’
 Type: STRING
 Type: STRING
 Value: ‘\\’
 Value:
<Public
Folder
Prefix\Name of new Mail-In
Database\>
Get the values for the ‘sharednamespace’ key as follows:
Public folder prefix name
1. From the IBM Domino Administrator, click Configuration Tab.
2. Expand Server ► Configurations, click on your Domino Server
and click Edit Configuration.
3.From the IMAP tab, select Public and Other Users’ Folders tab.
The ‘Public Folder Prefix’ can be found under the Public Folder
Section.
Mail-In database name
1. From the IBM Domino Administrator select People & Groups tab.
2. Click on Mail-In Databases and Resources node. Name of the
New Mail-In Database is listed within the right pane.
Step 5: Restart the IMAP Service on the Domino Server
Administration and configuration manual
1BRecommended post-install actions  11
1. Open the Lotus Notes Console
2. Type ‘tell imap quit’ and wait until the task completes.
3. Once the above is complete, type ‘load imap’
Step 6: Configure GFI MailEssentials
Configure the GFI MailEssentials Public Folder Scanning properties.
1. From the GFI MailEssentials Configuration, right click Anti Spam
Node and select Properties.
2. Select Public Folder Scanning tab and key in the following values:

Server: <IP Address of Domino Server>

Port: 143 (default)

Username: Username associated with the mail-in database

Password: User password
3. Test configuration by clicking Test button and click Scan now to
generate the public folders.
Step 7: Ensure the Public Folders are created
Using telnet to determine if Public folders were created successfully:
1. From the GFI MailEssentials machine load up command prompt.
2. Type ‘telnet’
3. Type ‘Open <IP ADDRESS> 143’
4. Type ‘ao1 login <[email protected]> <password>’
5. Type ‘ao5 list “<Public Folder Prefix\Name of new Mail-In
Database\>” “*”
6. The output of the above command should show the public folders
as in the following screenshot:
7. Type ‘ao3 logout’
NOTE: Use the Lotus notes designer to remove any unwanted views
and forms from the database created previously.
12  1BRecommended post-install actions
Administration and configuration manual
3 Routine Administration
3.1 Reviewing spam email
3.1.1 Spam review process
1. Instruct the individual email users to periodically review spam
emails.
2. In case of legitimate emails being identified as spam, refer to the
Managing legitimate email section below to instruct GFI MailEssentials
on how not to classify similar emails as spam.
3. In case of spam emails being incorrectly identified as spam (false
positives), refer to the Managing spam section below for instructions
on how to instruct GFI MailEssentials on how to classify similar emails
as spam.
3.2 Managing legitimate email
As with any anti-spam solution, GFI MailEssentials might require
some time until the optimal anti-spam filtering conditions are achieved.
In cases where this is not yet achieved, there might be instances
where legitimate email might be identified as spam.
In such cases users should add emails incorrectly identified as spam
to the ‘Add to whitelist’ and to the ‘This is legitimate email’ folders to
‘teach’ GFI MailEssentials that the email in question is not spam.
Important notes
In Microsoft Outlook, dragging and dropping email moves the email to
the selected folder. To retain a copy of the email, hold down the CTRL
key to copy the email rather than moving it.
3.2.1 Adding senders or newsletters to the whitelist
1. In the public folders, locate the GFI AntiSpam Folders ► Add to
whitelist public folder.
2. Drag and drop emails or newsletters to the Add to whitelist public
folder.
3.2.2 Adding discussion lists to the whitelist
Discussion lists (NOT newsletters) are often sent out without
including the recipient email address in the MIME TO and are
therefore marked as spam. To receive these discussion lists, whitelist
the email addresses of these valid list mailers.
Administration and configuration manual
2BRoutine Administration  13
Add discussion lists to the whitelist
1. In the public folders, locate the GFI AntiSpam Folders ► I want
this Discussion list public folder.
2. Drag and drop discussion lists to the I want this Discussion list
public folder.
3.2.3 Add ham to the legitimate email database
1. In the public folders, locate the GFI AntiSpam Folders ► This is
legitimate email public folder.
2. Drag and drop emails to the This is legitimate email public folder.
3.3 Managing spam
While GFI MailEssentials starts identifying spam emails right out of the
box, there might be instances where spam makes it through
undetected to the users mailbox. Typically this might be either due to
configuration settings that have not yet been performed or to new
forms of email spam to which GFI MailEssentials has not yet adapted
itself. In both cases, these situations are resolved when GFI
MailEssentials is configured to capture such spam.
NOTE: For information on how to resolve issues related to emails not
detected as spam refer to the Troubleshooting & support chapter
starting on page 107 in this manual.
In these cases users should add such emails to ‘Add to blacklist’ and
to the ‘This is spam email’ folders to ‘teach’ GFI MailEssentials that
the email in question is spam.
Important notes
1. In Microsoft Outlook, dragging and dropping email moves the email
to the selected folder. To retain a copy of the email, hold down the
CTRL key to copy the email rather than moving it.
2. Refer to the Enable public folder scanning section starting on page
6 in this manual for more information on how to automatically create
the GFI AntiSpam folders.
3.3.1 Adding senders to the blacklist
1. In the public folders, locate the GFI AntiSpam Folders ► Add to
blacklist public folder.
2. Drag and drop emails to the Add to blacklist public folder.
3.3.2 Adding spam to the spam database
1. In the public folders, locate the GFI AntiSpam Folders ► This is
spam email public folder.
2. Drag and drop the spam email to the I want this Discussion list
public folder.
3.4 Viewing anti-spam status on dashboard
The GFI MailEssentials Dashboard shows the status of your antispam system, including email processing activity and statistics. Use
14  2BRoutine Administration
Administration and configuration manual
the GFI MailEssentials Dashboard as follows:
1. Click Start ► All Programs ► GFI MailEssentials ► GFI
MailEssentials Dashboard.
Screenshot 5 - GFI MailEssentials Dashboard
2. Click on:

Status to view GFI MailEssentials services status and email
processing activity.

Statistics to view statistical charts showing email flow and spam
blocked by all spam filters as well as counters with information on
incoming and outgoing email and spam.

P2E Logging: Shows a log of the POP2Exchange activities.
NOTE: For information on POP2Exchange refer to the Setting up
POP3 and dialup downloading section starting on page 85 in this
manual.
3.5 Generating spam digests
The spam digest is a short report sent to an administrator or user via
email. This report lists the total number of emails processed by GFI
MailEssentials and the number of spam emails blocked over a specific
period of time (…mainly since the last spam digest).
3.5.1 Configuring spam digests
Administrator spam digest
1. Select Email Management ► Spam Digest ► Properties.
Administration and configuration manual
2BRoutine Administration  15
Screenshot 6 – Spam digest properties/Administrator spam digest
2. From the Administrator Digest tab, click Send administrator
spam digest to enable spam digest.
3. Configure the desired sending frequency (Daily, Weekly, Monthly)
from the Sending schedule drop-down.
4. Specify the digest content that will be sent in the email, either a
Total count of processed email and spam or Total spam captured
per spam filter or both.
5. Finalize settings by selecting Apply and OK.
Recipient spam digest
1. Select Email Management ► Spam Digest ► Properties.
16  2BRoutine Administration
Administration and configuration manual
Screenshot 7 – Recipient spam digest
2. From the Recipient Digest tab, select Spam recipient spam
digest to enable spam digest.
3. Configure the desired sending frequency from Sending schedule.
4. Specify the digest content that will be sent in the email:

Total count of processed email and spam

Total spam captured per spam filter

List of blocked spam
or any combination of options as required.
Administration and configuration manual
2BRoutine Administration  17
Screenshot 8 – Spam digest recipient list
5. Click on the Recipients list tab, add the users to receive the spam
digest and select the method used to determine who should receive
the spam digest. Available options are:

Only users listed below should receive the recipient spam digest.

All users except the ones listed below will receive the recipient
spam digest.
NOTE: The required list of users can also be imported from a file in
XML format in the same structure that GFI MailEssentials would
export files.
6. Select Apply and OK to finalize settings.
3.6 Creating email archives
GFI MailEssentials includes an archiving feature which enables the
retention of historical records related to your email communications.
Since GFI MailEssentials is an anti spam solution, the built-in
archiving feature is not intended to replace/replicate the functionality
provided by comprehensive email-archiving solutions such as GFI
MailArchiver.
Archiving requires database technology. GFI MailEssentials supports
both Microsoft Access and Microsoft SQL server.
18  2BRoutine Administration
Administration and configuration manual
Important notes
1. Internal email is not archived.
2. For larger networks Microsoft SQL Server is recommended.
3. Using Microsoft Access limits the size of the database to 2 GB.
MSDE and SQL Server Express are limited to 2 and 4 gigabytes
respectively.
3.6.1 Enable archiving
1. From the GFI MailEssentials configuration console right click Email
Management ► Mail Archiving and select Properties.
2. Click Mail Archiving tab and select whether to archive inbound
and/or outbound emails.
3. Select and configure the archival method:

Archive emails to a text file – Archives inbound and outbound
emails to separate inbound and outbound text files. Email
attachments are not archived when this option is selected.

Archive emails to a database – Archives all email to a Microsoft
Access or SQL/SQL Server Express/MSDE database. This feature
enables the archival of email attachments.
4. To exclude archiving of emails received by certain users, select the
Exceptions tab, tick Do not archive emails where the sender or
recipient is in the list below, click Add button and add user email
address in the Email list.
5. Click OK button to finalize your configuration.
3.6.2 Enabling Archive Web Interface access from GFI MailEssentials
Important notes
GFI MailEssentials Archive Web Interface is not supported on 64bit
Operating Systems.
Installing GFI MailEssentials Archive Web Interface (AWI) on
Microsoft IIS 7.0 (x86 systems)
To install AWI on Microsoft IIS 7.0, you need to:

Install the IIS Web Server Role Services.

Configure the IIS Web application which will be used by AWI.
AWI requires the following IIS Web Server Role Services in order to
work correctly:

ASP

Windows Authentication
To install IIS Web Server Role Services on Microsoft Windows 2008:
1. Open the ‘Server Manager’.
2. Expand the Roles node and select Web Server (IIS).
3. From the right pane, click on the Add Role Services button.
4. Select the ‘ASP’ and the ‘Windows Authentication’ role services and
click Next.
Administration and configuration manual
2BRoutine Administration  19
5. Click on the Install button to install the role services.
Configure the IIS Web application to be used by AWI on IIS
6.0
1. Start up Internet Services Manager, right click on the Website node,
and from the popup menu select New – Virtual Directory. The
Virtual Directory Creation Wizard is displayed. Click Next to
continue.
2. Enter an alias for the virtual directory. In this case it is AWI, but you
can enter whatever name you like, as long as it follows the folder
naming conventions used in Microsoft Windows.
3. You now need to enter the path where the content is located. Click
Browse, and folder AWI\wwwroot folder in the GFI MailEssentials
installation path.
Screenshot 9 - Setting permissions
4. Next you need to set the access permissions. Check the Read and
Run Scripts (such as ASP) checkboxes only. Make sure all the other
checkboxes are unchecked. Click Next and on the finish page click
Finish to finish the Virtual Directory Creation Wizard.
5. Right click on the newly created virtual directory, located under the
web root of your website server and select Properties from the
context menu.
20  2BRoutine Administration
Administration and configuration manual
Screenshot 10 - Setting Virtual Directory properties
6. In the Virtual Directory tab of the Properties dialog, check the
Read, Log Visits and Index this resource checkboxes. Make sure
that all the other checkboxes are unchecked. In the Execute
Permissions list box, select Scripts only.
7. Access the Documents tab. Remove all the default documents
except for default.asp.
8. Access the Directory Security tab and click on the Edit button in
the Authentication and access control group.
NOTE: Since the Archive Web Interface provides access to all the
emails archived by GFI MailEssentials, it is important to setup proper
authentication and security for this web server and virtual directory.
There are three ways to secure the Search Interface. These are Basic
Authentication, Digest and Integrated Windows Authentication.
Integrated Windows Authentication is the preferred choice in an Active
Directory environment, because it makes the authentication process
seamless, since initially it does not prompt the users for their
username or password information. Rather, it uses the current
Windows user information on the client computer for authentication. If
you are installing GFI MailEssentials in a DMZ, use Basic
authentication.
Administration and configuration manual
2BRoutine Administration  21
Screenshot 11 - Select authentication method
9. Check the Integrated Windows authentication checkbox
(recommended if installed on the internal network) OR Basic
Authentication checkbox (if installed in the DMZ). Ensure that the
Enable anonymous access checkbox is unchecked.
NOTE 1: If using Integrated Windows authentication, then
authentication will occur against Active Directory. This means you do
not need to configure additional users. If you use basic authentication,
authentication will occur against the local user database on the
machine. In this case create usernames and passwords on that local
machine. For more information on securing IIS, please review the IIS
documentation.
NOTE 2: Be sure you do not allow anonymous access.
10. Click OK to finalize your configuration.
Configure the IIS Web application to be used by AWI on IIS
7.0
To configure AWI on IIS 7.0:
1. Open ‘Administrative Tools’.
2. Enter the ‘Internet Information Services (IIS) Manager’.
3. Right-click on the website under which will host AWI web interface
and click Add Application.
4. Enter ‘AWI’ as the Alias and enter the path to the AWI ‘wwwroot’
folder located at <GFI\MailEssentials\AWI\wwwroot>.
22  2BRoutine Administration
Administration and configuration manual
Screenshot 12 - Internet Information Services (IIS) Manager: Add application
5. Click OK to create the new Application.
6. Click on the ‘AWI’ application which was just created and double
click the Authentication icon in the right pane.
Screenshot 13 - Internet Information Services (IIS) Manager
7. Right click on the Anonymous Authentication option and select
Disable.
8. Right click on the Windows Authentication option and select
Enable.
3.6.3 Accessing the Archive Web Interface
1. Launch internet explorer.
2. Key in: http://<machine_name>/<awi_virtual_folder_name>.

Example: http://master-domain.com/awi/
Administration and configuration manual
2BRoutine Administration  23
Screenshot 14 – Archive Web Interface (AWI) search page
The AWI will load the search page. Click on the Full Archive link in
the top right corner to access the full archive page.
3.7 Spam status and email processing reports
GFI MailEssentials enables you to create reports based data archived
to database. These reports assist you in knowing what spam is being
filtered out by GFI MailEssentials and what are the use levels of your
mail server and domain resources.
Important notes
Enable GFI MailEssentials archiving to use reporting. Refer to Enable
archiving section starting on page 19 in this manual for details on how
to enable archiving.
3.7.1 Enabling reporting
1. Select Email Management ► Reporting ► Properties and click
Configure button.
2. Select database type:

Microsoft Access - Specify the file name and location.

Microsoft SQL server - Specify server name, logon credentials
and database.
3. Click Test button to test the database configuration. Click OK to
save settings.
3.7.2 Using Reports
1. Launch the GFI MailEssentials Reporter by clicking Start ► All
Programs ► GFI MailEssentials ► GFI MailEssentials Reports.
24  2BRoutine Administration
Administration and configuration manual
2. Click Reports Option and select any Report or Statistics option.
3. Select File ► Print menu option to print reports.
NOTE: Select File ► Print Preview to preview how the report will be
printed.
4. To save a report click File ► Save As. Specify a name and a
location for the saved file and click the Save button.
NOTE: Report is saved to the location selected with the name
specified for the report. In the folder specified, two sub-folders are
created, ‘graphics’ and ‘report’. The ‘report’ sub-folder contains the
report files in HTML format. The ‘graphics’ sub-folder contains
graphics which are displayed in the HTML report.
3.7.3 Daily Spam Report
The Daily Spam Report shows the total emails processed, total spam
email caught, the spam percentage of total emails processed and how
many spam emails were caught by each individual anti-spam feature.
Each row in the report represents a day.
Screenshot 15 - Daily spam report
Report Options

Sort column: Sort the report by date, total spam processed,
keyword checking etc.

Multi Page report: Specify the number of days per page.
Filter options

Specific Email: Limit report to a specific email address.

Date Range: Limit report to a specific date range.
When all report options are selected, click Report to generate report.
Administration and configuration manual
2BRoutine Administration  25
3.7.4 Anti-Spam Rules Report
The Anti-spam Rules Report shows how much spam email each antispam method caught.
Screenshot 16 – Anti-spam Rules Report
Report Options

Specific Email: Limits the report to a specific email address.

Date Range: Limits the report to a specific date range.
When all report options are selected, click Report button to generate
report.
3.7.5 User Usage Statistics
The user usage statistics report gives an overview of how many
emails users send or receive and how large their sent or received
emails are.
26  2BRoutine Administration
Administration and configuration manual
Screenshot 17 - User usage statistics filter dialog
Report Type

Report Type: Specify reporting on inbound emails, outbound
emails, or both.
Report Options

Sort by: Specify sorting by email address, by number of emails, or
by the total size of the emails.

Highlight users: Identify users who send or receive more than a
specific number of emails or specific number of megabytes of
email.

List top: List only the top number of users in the report.

Multi Page report: Specify the number of users to display per
page.
Filter options

Specific Email: Limit the report to a specific email address.

Date Range: Limit the report to a specific date range.
When all report options are selected, click Report button to generate
report.
3.7.6 Domain Usage Statistics
The domain usage statistics report gives an overview of how many
emails are sent or received to non-local domains.
Administration and configuration manual
2BRoutine Administration  27
Screenshot 18 - Domain usage statistics filter dialog
Report Type

Report Type: By default report data for domain usage statistics is
always for both inbound and outbound emails.
Report Options

Sort by: Specify if the report is sorted by domain name, by
number of emails, or by the total size of the emails.

Highlight domains: Identify domains that send or receive more
than a specific number of emails or a specific number of
megabytes of email.

List to: List only the top number of domains in the report.

Multi Page report: Specify the number of domains to display per
page.
Filter options

Specific domain: Limit the report to a specific domain.

Date Range: Limit the report to a specific date range.
When all report options are selected, click Report button to generate
report.
3.7.7 Mail Server Daily Usage Statistics
This report gives an overview of how many emails, per day, are sent
or received on the mail server where GFI MailEssentials is installed.
28  2BRoutine Administration
Administration and configuration manual
Screenshot 19 - Mail server daily usage statistics filter dialog
Report Type

Report Type: The data for Mail Server Daily usage statistics is
always reported for both inbound and outbound emails.
Report Options

Sort by: Specify if report is sorted by date (since the report is per
day), by number of emails, or by the total size of the emails.

Highlight days: Identify the days on which you sent or received
more then a number of emails or a number of megabytes of email.

List top: List only the top specified number of days in the report.

Multi Page report: Specify the number of days to display per
page.
Filter options

Specific Email: Limit the report to a specific domain.

Date Range: Limit the report to a specific date range.
When all report options are selected, click Report button to generate
report.
3.7.8 User Communications
The User communications report enables you to review information on
what kind of emails each user has sent. Once a user communications
report is generated, the user record can be expanded to list the
subject of sent or received emails. Mail with the same subject is
grouped. These emails can be further expanded to reveal when and to
whom, email with that subject was sent.
Administration and configuration manual
2BRoutine Administration  29
Important notes
1. This report is a complex report that might take time to generate. It is
recommended that you limit the range to a specific user or to a
particular date range.
Screenshot 20 - The user communications report shows exact email trail
Report Type

Report Type: Specify reporting on inbound emails, outbound
emails, or both.
Report Options

Sort by: Specify if the report should be sorted by email address,
by number of emails, or by the total size of the emails.

Highlight users: Identify users who sent or received more then a
number of emails or a number of megabytes of email.

List top: List only the top specified number of users in the report.

Multi Page report: Specify the number of users to display per
page.
Filter options

Specific Email: Limit the report to a specific email address.

Date Range: Limit the report to a specific date range.
30  2BRoutine Administration
Administration and configuration manual
Screenshot 21 - User communications filter dialog
On selecting the required options, click Report button to generate
report.
3.7.9 Miscellaneous options

Excluding users from reports
The exclude users tool enables users to be exempted from reports
From the Tools ► Excluded Users List click on Add… button
and Add or Remove SMTP email address for the user to exclude
from reports.
Screenshot 22 - Excluded users dialog

Find Tool
Administration and configuration manual
2BRoutine Administration  31
The find tool enables the finding of strings in reports.
From the Tools ► Find menu option, key in the stings to find and
select Find Next to search for strings.
Screenshot 23 - Find dialog
3.8 Disabling/Enabling email scanning
Disabling email scanning disables all protection offered by GFI
MailEssentials and enables all emails (including Spam) to get to your
user’s mailboxes.
3.8.1 Microsoft Exchange 2000/2003 & IIS SMTP
To disable GFI MailEssentials from scanning all emails:
1. Launch command prompt
2. Navigate to the GFI MailEssentials installation folder
3. Run the following command:

Stop_snks.cmd
To enable GFI MailEssentials to start scanning all emails:
1. Launch command prompt
2. Navigate to the GFI MailEssentials installation folder
3. Run the following command:

start_snks.cmd
For more information on disabling and enabling email scanning refer
to:
http://kbase.gfi.com/showarticle.asp?id=KBID003468
3.8.2 Microsoft Exchange 2007
To disable GFI MailEssentials from scanning all emails:
1. Launch command prompt
2. Navigate to the GFI MailEssentials installation folder
3. Run the following command:

Disable_Agents.cmd
To enable GFI MailEssentials to start scanning all emails:
1. Launch command prompt
2. Navigate to the GFI MailEssentials installation folder
3. Run the following command:

Enable_Agents.cmd
32  2BRoutine Administration
Administration and configuration manual
For more information on disabling and enabling email scanning refer
to: http://kbase.gfi.com/showarticle.asp?id=KBID003468
Administration and configuration manual
2BRoutine Administration  33
4 Customizing GFI MailEssentials
4.1 Adding additional inbound email domains
Inbound Email Domains enable GFI MailEssentials to distinguish
between inbound and outbound email and therefore to identify which
emails should be scanned for spam. During installation, inbound email
domains are imported from the IIS SMTP service.
In some cases however local email routing in IIS might be required to
be configured differently:

Example: To add domains which are local for email routing
purposes but are not local for your mail server.
The instructions in this section show how to add or remove inbound
email domains after installation.
Important notes
Any domain on which you receive email that is not listed in the
inbound domains setup is not protected against spam by GFI
MailEssentials
4.1.1 Adding and removing inbound domains
1. Right click General node, select Properties and click on Inbound
Email Domains tab.
Administration and configuration manual
3BCustomizing GFI MailEssentials  35
Screenshot 24 - Adding an inbound email domain
2. Click Add… button and key in domain details to add new inbound
email domains. To remove domains, select the domain to remove and
click Remove.
3. Click OK to finalize settings.
4.2 Anti-spam filters
GFI MailEssentials uses various scanning filters to identify spam:
Filter
Description
SpamRazer
An anti-spam engine that determines if
an email is spam by using email
reputation, message fingerprinting and
content analysis.

Directory
Harvesting
Stops email which is randomly
generated towards a server, mostly
addressed to non-existent users.

PURBL
Blocks emails that contain links in the
message bodies pointing to known
phishing sites or if they contain typical
phishing keywords.

SPF
Stops email which is received from
domains not authorized in SPF records

36  3BCustomizing GFI MailEssentials
Enabled by
Default
Administration and configuration manual
Auto-Whitelist
Addresses to which an email is sent to,
are automatically excluded from being
blocked.

Whitelist
A custom list of safe email addresses

Custom
blacklist
A custom list of blocked email users or
domains.

DNS blacklists
Checks if the email received is from
senders that are listed on a public DNS
blacklist of known spammers.

SURBL
Stops emails which contain links to
domains listed on public Spam URI
Blocklists such as sc.surbl.org

Header
checking
A module which analyses the individual
fields in a header by referencing the
SMTP and MIME fields

Keyword
checking
Spam messages are identified based
on blocked keywords in the email title
or body

New Senders
Emails that have been received from
senders to whom emails have never
been sent before.

Bayesian
analysis
An anti-spam technique where a
statistical probability index based on
training from users is used to identify
spam.

4.2.1 Anti-Spam actions
GFI MailEssentials can take a number of actions when a message is
identified as spam. These include:

Deleting the message

Moving it to a central folder

Forwarding it to an email address

Tagging the mail

Moving it to junk mail folder.
NOTE: For detailed information on anti-spam actions refer to the
Spam Actions – What to do with spam email section starting on page
66 in this manual.
4.2.2 SpamRazer
SpamRazer is GFI’s primary anti-spam engine and is enabled by
default on installation. Frequent updates are released for SpamRazer
that will further increase the response time to new trends of spam.
NOTE: SpamRazer is also the anti-spam engine that blocks NDR
spam. For more information on GFI MailEssentials and NDR spam
refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID003322
Administration and configuration manual
3BCustomizing GFI MailEssentials  37
Configuring SpamRazer
NOTE 1: Disabling SpamRazer is NOT recommended.
NOTE 2: GFI MailEssentials 14 downloads SpamRazer updates from:
http://sn92.mailshell.net
1. Select Anti-Spam ► SpamRazer ► Properties.
Screenshot 25 – SpamRazer Properties
2. From the SpamRazer tab perform any of the following actions:

Select/unselect Enable SpamRazer engine checkbox to enable
or disable SpamRazer.
38  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 26 - Automatic SpamRazer updates
3. From the Updates tab perform any of the following actions:

Select/unselect Automatically check for updates checkbox to
configure GFI MailEssentials to automatically check for and
download any SpamRazer updates.
NOTE: It is recommended to leave this option enabled for
SpamRazer to be more effective in detecting the latest spam
trends.

Select/unselect Send a notification email when an update
succeeds checkbox to be informed via email when new updates
are downloaded.

Select/unselect Send a notification email when an update fails
to be informed when a download or installation fails.

Click Download updates now… to download updates.

Click Proxy settings to configure a proxy server.
4. Click Actions or Other tab to select the actions to perform on
messages identified as spam. For more information refer to the Spam
Actions – What to do with spam email section starting on page 66 in
this manual. Click OK to finalize your configuration.
4.2.3 Phishing URI Realtime Blocklist (PURBL)
Phishing is an email based social engineering technique aimed at
Administration and configuration manual
3BCustomizing GFI MailEssentials  39
having email users disclose personal details to spammers. A phishing
email is most likely crafted to resemble an official email originating
from a reputable business, for example a bank. Phishing emails will
usually contain instructions typically requiring users to reconfirm
sensitive information such as online banking details or credit card
information. Phishing emails usually include a phishing Uniform
Resource Identifier (URI) that the user is supposed to follow to key in
some sensitive information on a phishing site. The site pointed to by
the phishing URI might be a replica of an official site, but in reality it is
controlled by whoever sent the phishing emails. When the user enters
the sensitive information on the phishing site, the data is collected and
used, for example, to withdraw money from bank accounts.
The Phishing URI Realtime Blocklist (PURBL) feature detects phishing
emails by comparing URIs present in the email to a database of URIs
known to be used in phishing attacks. PURBL also looks for typical
phishing keywords in the URIs.
The PURBL filter is enabled by default on installation.
Configuring PURBL
NOTE 1: Disabling PURBL is NOT recommended.
1. Select Anti-Spam ► Phishing URI Realtime Blocklist ►
Properties.
Screenshot 27 - Phishing keywords
2. From the Phishing URI Realtime Blocklist tab perform the
following actions:
40  3BCustomizing GFI MailEssentials
Administration and configuration manual

Select/unselect Check mail messages for URI’s to known
phishing sites option to enable/disable PURBL.
3. From the Keywords tab perform the following actions:

Select/unselect the Check URIs in mail messages for typical
phishing keywords option to enable/disable checks for typical
phishing keywords.

Click Keyword button and enter keywords in the Enter a keyword
dialog to add keywords to the PURBL filter.

Select a keyword and click Edit or Remove to edit or remove a
keyword previously keyed in the PURBL filter.

Click Export to export current list of keywords in XML format.

Click Import button to import a keyword list previously exported to
XML.
Screenshot 28 - Automatic anti-phishing updates
4. From the Updates tab perform any of the following actions:

Select/unselect Automatically check for updates checkbox to
enable or disable the automatic check for and download of any
anti-phising updates.
NOTE: It is highly recommended to enable this option so that
frequent updates enable PURBL to be more effective in detecting
the latest phishing emails.
Administration and configuration manual
3BCustomizing GFI MailEssentials  41

Select/unselect Send a notification email when an update
succeeds checkbox to be informed via email when new updates
are downloaded.

Select/unselect Send a notification email when an update fails
to be informed when a download or installation fails.
5. Click Actions or Other tab to select the actions to perform on
messages identified as phishing emails. For more information refer to
the Spam Actions – What to do with spam email section starting on
page 66 in this manual. Click OK to finalize your configuration.
4.2.4 Sender Policy Framework (SPF)
The SPF filter is based on a community-based effort, which requires
that the senders publish their mail server in an SPF record. This filter
detects forged senders.

Example: If an email is sent from [email protected] then
companyABC.com must publish an SPF record in order for SPF to
be able to determine if the email was really sent from the
companyABC.com network or whether it was forged. If an SPF
record is not published by CompanyABC.com, the SPF result will
be ‘unknown’.
For more information on SPF and how it works, visit the Sender Policy
Framework website at: http://www.openspf.org.
The SPF filter is NOT enabled by default and should only be enabled
in cases where you think that the threat of forged senders is high.
GFI MailEssentials does not make it a requirement to publish any SPF
records. To publish SPF records use the SPF wizard at:
http://www.openspf.org/wizard.html.
Prerequisites
Before enabling the SPF filter on a non-gateway server installation:
1. Right click Anti-spam ► Properties and select Perimeter SMTP
Servers tab.
2. Click Auto Discovery button in the Perimeter SMTP setup option to
perform a DNS MX lookup and automatically define the IP address of
your perimeter SMTP server.
Configuring the SPF
1. Select Anti-Spam ► Sender Policy Framework ► Properties.
42  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 29 - Configuring the SPF block level
2. Define the sensitivity of the SPF test using the slider and click
Apply. Choose between four levels:

Never: Do not block any messages. SPF tests are omitted.

Low: Only block messages that are determined to have a forged
sender. This option treats any message with forged senders as
spam.

Medium: Block messages which appear to have a forged sender.
This option treats all messages that appear to have a forged
sender as spam.
NOTE: This is the default and recommended setting.

High: Block all messages that are not proven to be from a sender.
This option treats all email as spam, unless it could be proven that
the sender is not forged.
NOTE: Since the majority of mail servers do not yet have an SPF
record, this option is not recommended.
Administration and configuration manual
3BCustomizing GFI MailEssentials  43
Screenshot 30 – Current Perimeter SMTP Server setup
3. If this computer is NOT your perimeter SMTP server, a dialog
showing the perimeter SMTP server settings previously configured is
displayed. (I.e. the IPs specified for your perimeter SMTP server).
Screenshot 31 - Reminder: SPF must be installed on the perimeter SMTP server.
4. If GFI MailEssentials is installed on your perimeter SMTP server, or
if you have not yet specified that the mail server running GFI
MailEssentials is NOT a perimeter SMTP server, then a dialog box is
displayed. Configure the Perimeter SMTP Servers option in the Antispam node properties (right click on the Anti-Spam ► Properties ►
Perimeter SMTP Servers tab).
5. Test the DNS settings/services, by clicking on Test.
44  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 32 - Configuring the SPF exceptions
6. Select the Exceptions tab to configure IP addresses and recipients
to exclude from SPF checks:

IP exception list: Entries in this list automatically pass SPF
checks.
Select Add to add a new IP address or select entries from the list
and click Remove button to remove entries. To disable the IP
exception list unselect the IP exception list checkbox.

Recipient exception list: This option ensures that certain
recipients always receive emails, even if the messages are
rejected. A recipient exception can be entered in any of three
ways:
o
localpart – ‘abuse’ (matches ‘[email protected]’,
‘[email protected]’, etc...)
o
domain – ‘@abc.com’ (matches ‘[email protected]’,
‘[email protected]’, etc...)
o
complete – ‘[email protected]’ (only matches ‘[email protected]’)
To disable the recipient exception list unselect the Recipient
exception list checkbox.

Trusted Forwarder SPF Global Whitelist: This whitelist
(www.trusted-forwarder.org) provides a global whitelist for SPF
users. It is a way of allowing legitimate email that is sent through
known, trusted email forwarders.
NOTE:
By
Administration and configuration manual
default,
this
setting
is
enabled.
It
is
highly
3BCustomizing GFI MailEssentials  45
recommended to leave this option always enabled.
7. Click Actions or Other tab to select the actions to perform on
messages identified as phishing emails. For more information refer to
the Spam Actions – What to do with spam email section starting on
page 66 in this manual. Click OK to finalize your configuration.
4.2.5 Whitelist
The Whitelist is a list of email addresses and domains from which to
always receive emails. Emails sent from these email addresses or
domains will never be marked as spam. Keywords can also be
configured, which if found in the body or subject will automatically
whitelist the email.
GFI MailEssentials also features an automatic autowhitelist option that
automatically whitelists email addresses to whom emails are sent.
This enables the receipt of emails from anyone to whom an email is
sent to.
The whitelist and autowhitelist features are enabled by default on
installing GFI MailEssentials.
Important notes
1. The total amount of email addresses stored is a maximum of
30,000 addresses after which, the oldest records are replaced.
2. It is highly recommended to leave the auto whitelist feature enabled
since this eliminates a high percentage of false positives.
3. Entering too many keywords increases the possibility of spam
getting though the spam filters.
Configuring Whitelist
1. Select Anti-Spam ► Whitelist ► Properties.
46  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 33 - Whitelisted domains
2. From the Whitelist tab add a whitelisted domain or email address
by clicking Add.
Screenshot 34 - Adding a whitelisted email entry
3. In the Enter Email Address/Domain dialog specify:

full email address; or

emails
from
an
entire
*@companysupport.com); or

an entire domain suffix (for example: *@*.mil or *@*.edu)
domain
(for
example:
NOTE: When configuring entire domain suffices ensure that, for
Administration and configuration manual
3BCustomizing GFI MailEssentials  47
example, emails sent from military or educational domains are
never marked as spam.
Also specify which email header field must be matched for the emails
to be whitelisted by clicking Check….

Example: To whitelist all inbound email sent by a specific user,
select the Check MIME FROM: option.
NOTE 1: Some newsletters use mailers that do not address the
sender in the MIME TO field causing the GFI MailEssentials header
checking feature to mark it as spam. These should be whitelisted with
the Check MIME TO: option.
NOTE 2: To exclude a local user from spam filtering, simply enter the
email address of the user, and select the Check MIME TO: option.
Click OK to finalize email/domain entry.
Screenshot 35 - Auto Whitelist options
4. In the whitelist tab set up the Auto Whitelist feature through the
following options:

Check emails against Auto Whitelist: Scans incoming emails
and matches their senders against the auto whitelist. If the sender
is present in the list, the email is forwarded directly to the
recipient’s inbox.
NOTE: This feature is enabled by default but can be disabled by
unmarking the Check emails against Auto Whitelist option.

Populate Auto Whitelist automatically: Extracts the destination
48  3BCustomizing GFI MailEssentials
Administration and configuration manual
email addresses from outbound emails and automatically adds
them to the whitelist
NOTE 1: This feature is enabled by default but can be disabled by
unmarking the Populate Auto Whitelist automatically option.
NOTE 2: Auto whitelist entries can be viewed by selecting the
Show automatically entered option from the Filter dropdown
located at the top (right) of the page.
Screenshot 36 - Whitelisting keywords
5. Select the Keyword Whitelist (Subject) or Keyword Whitelist
(Body) tabs to specify keywords that flag emails as ham (valid email)
and automatically allows the email to skip all the anti-spam filters.
Specify new keywords by clicking Add button or use the Remove,
Edit, Import and Export buttons to modify existing keywords.
Administration and configuration manual
3BCustomizing GFI MailEssentials  49
Screenshot 37 – Whitelisting IPs
6. Click on the IP Whitelist tab to bypass anti-spam checks on emails
sent from servers that have the IP address listed in the IP Whitelist.
Enable this feature by selecting the Enter IP’s from which mails are
classified as HAM… option and click Add button to key in a single IP
address or subnet/mask to bypass SPAM checks.
7. Click Actions tab to select the actions to perform on messages
identified as spam. For information on the actions to perform refer to
the Spam Actions – What to do with spam email section starting on
page 66 in this manual.
8. Click OK to finalize your configuration.
4.2.6 Directory harvesting
Directory harvesting attacks occur when spammers use known email
addresses as a template to create other email addresses addressed
to corporate or ISP email servers. Spammers send emails to randomly
generated email addresses and while some email addresses may
match real users, the majority of these messages is invalid and
consequently floods the victim’s email server.
GFI MailEssentials stops these attacks by blocking emails addressed
to users not in the organizations’ Active Directory or email server.
Directory harvesting can either be configured to execute when the full
email is received (Transport sink) or at SMTP level i.e. on receiving
the sending IP, email and recipients (SMTP protocol sink). SMTP level
50  3BCustomizing GFI MailEssentials
Administration and configuration manual
filtering terminates the email’s connection and therefore stops the
download of the full email, economizing on bandwidth and processing.
In this case the connection is terminated immediately and emails are
not required to go through any other anti-spam filters.
This filter is NOT enabled by default on installing GFI MailEssentials.
Configuring Directory Harvesting
Directory Harvesting is set up in two stages:
Stage 1 - Configuring Directory Harvesting properties
Stage 2 – Selecting the Directory Harvesting method
Stage 1 - Configuring Directory Harvesting properties
1. Select Anti-Spam ► Directory Harvesting ► Properties and click
on Enable directory harvesting protection option.
Screenshot 38 - The directory harvesting feature
2. Select the lookups method to use:

Use native Active Directory lookups option if GFI MailEssentials
is installed in Active Directory user mode.
NOTE 1: Where GFI MailEssentials is installed in Active Directory
user mode on a DMZ, the AD of a DMZ usually will not include all
the network users (email recipients). In this case perform directory
Administration and configuration manual
3BCustomizing GFI MailEssentials  51
harvesting using LDAP lookups .
NOTE 2: When GFI MailEssentials is behind a firewall, the
Directory Harvesting feature might not be able to connect directly
to the internal Active Directory because of Firewall settings. Use
LDAP lookups to connect to the internal Active Directory of your
network and ensure to enable default port 389 on your Firewall.

Use LDAP lookups to configure your LDAP settings if GFI
MailEssentials is installed in SMTP mode. If your LDAP server
requires authentication, unmark the Anonymous bind option and
enter the authentication details that will be used by this feature.
Click on Test button to test your LDAP configuration settings.
NOTE 1: Specify authentication credentials using Domain\User
format (for example master-domain\administrator).
NOTE 2: In an Active Directory, the LDAP server is typically the
Domain Controller.
3. In the Block if non-existent recipients equal or exceed option
specify the amount of non-existent recipients that will qualify the email
as SPAM. If the total amount of recipients is less than the number
specified, the action configured is triggered only if ALL the recipients
do not exist, otherwise the email is not marked as SPAM.
NOTE: Avoid false positives by configuring a reasonable amount in
the Block if non-existent recipients equal or exceed edit box. This
value should account for users who send legitimate emails with
mistyped email addresses or to users no longer employed with the
company.
Stage 2 – Selecting the Directory Harvesting method
1. Right click Anti-spam ► Order module priorities.
52  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 39 – Anti-spam ordering dialog
2. In the plug-in list, select Directory Harvesting and click on:

Switch to SMTP data filtering – Switches to SMTP data filtering
from full email filtering.

Switch to full email filtering – Switches to full email filtering from
SMTP data filtering.
3. Click Actions or Other tab to select the actions to perform on
messages identified as spam. For information on the actions to
perform refer to the Spam Actions – What to do with spam email
section starting on page 66 in this manual.
NOTE: If Directory Harvesting is set at SMTP protocol sink level, only
the Log Occurrence option will be available in the Actions tab.
4. Click OK to finalize your configuration.
4.2.7 Custom Blacklist
The Blacklist is a custom database of email addresses and domains
from which you never want to receive emails.
This filter is enabled by default on installing GFI MailEssentials.
Configuring Custom Blacklists
Select Anti-Spam ► Custom Blacklist ► Properties.
Screenshot 40 - The custom blacklist
2. Click Add to add a blacklisted domain or email address.
Administration and configuration manual
3BCustomizing GFI MailEssentials  53
Screenshot 41 - Adding a blacklisted email entry
3. In the Enter Email Address/Domain dialog specify a full email
address; or an entire domain (for example: *@spammer.com); or an
entire domain suffix (for example: *@*.tv). Also, specify which email
header field is to be matched for the emails to blacklist by clicking
Check MIME TO: or Check MIME FROM:
4. Select Actions or Other tab to select the actions to perform on
spam. For a more information refer to the Spam Actions – What to do
with spam email section starting on page 66 in this manual.
5. Click OK to finalize your configuration.
4.2.8 Bayesian analysis
The Bayesian filtering is an anti-spam technology in use within GFI
MailEssentials that employs adaptive techniques based on artificial
intelligence algorithms, hardened to withstand the widest range of
spamming techniques available today.
For more information on how the Bayesian filter works, how it can be
configured and how it can be trained refer to Appendix 2 – Bayesian
Filtering on page 115 in this manual.
NOTE: The Bayesian anti-spam filter is disabled by default.
IMPORTANT: Allow at least a week for the Bayesian filter to
achieve its maximum performance after enabling it. This is
required because the Bayesian filter acquires its highest
detection rate when it adapts to your email patterns.
Configuring the Bayesian filter
Configuring the Bayesian filter requires 2 stages:
Stage 1: Training the Bayesian filter
Stage 2: Enabling the Bayesian filter
Stage 1: Training the Bayesian filter
The Bayesian filter can be trained in two ways:
1. Automatically, through outbound emails.
GFI MailEssentials collects legitimate email (ham) by scanning
outbound email. The Bayesian filter can be enabled after it has
collected at least 500 outbound emails (If you send out mainly English
email) or 1000 outbound mails (If you send out non-English email).
54  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 42 - Supplying ham to the Bayesian filter
2. Manually, through existing email.
Copying between 500-1000 mails from your sent items to the This is
legitimate email sub folder in the GFI AntiSpam Folders public
folders trains the Bayesian filter in the same way as live outbound
email sending.
Stage 2: Enabling the Bayesian filter
After the Bayesian filter is trained, it must be enabled.
Administration and configuration manual
3BCustomizing GFI MailEssentials  55
Screenshot 43 - Bayesian analysis properties
1. From the GFI MailEssentials configuration console, select AntiSpam ► Bayesian Analysis ► Properties. From the General tab
select Enable Bayesian Analysis checkbox.
2. Ensure that Automatically learn from outbound emails option is
enabled. This continuously updates the legitimate email database with
data from outbound emails.
3. In the Updates tab, configure the frequency of updates to the spam
database by enabling Automatically check for updates and
configuring an hourly interval.
NOTE 1: Click the Download updates now button to immediately
download any updates.
NOTE 2: Updates are downloaded from the preferred server selected.
For more information on how to select preferred servers, refer to
Selecting the server from where to download updates section on page
99 in this manual.
4. Click Actions or Other tab to select the actions to perform on
messages identified as spam. For information on the actions to
perform refer to the Spam Actions – What to do with spam email
section starting on page 66 in this manual.
5. Click OK to finalize your configuration.
4.2.9 DNS blacklists (DNSBL)
GFI MailEssentials supports a number of DNS blacklists. These SMTP
server databases list servers that have been used for spamming.
There are a number of third party DNS blacklists available, ranging
from reliable lists that have clearly outlined procedures for getting on
or off the DNS blacklist to less reliable lists.
When an email is in transit from the sender to the recipient, it goes
through a number of SMTP servers until it reaches the final
destination. The IP address of each SMTP server is recorded in the
email header. This filter enables GFI MailEssentials to check all the
public IP addresses found in the message header with the DNSBL
database configured.
GFI MailEssentials checks all the public IP addresses found in the
message header with the DNSBL database configured. GFI
MailEssentials records all the IP addresses checked in an internal
database and will not perform further checks with the DNSBL for the
same IPs. The IP addresses are kept in the database for 4 days, or
until the Simple Mail Transport Protocol (SMTP) service is restarted.
This filter is enabled by default on installing GFI MailEssentials.
Important notes
1. The DNS server must be properly configured for this feature to
work. If this is not the case, time outs will occur and email traffic will be
slowed down. Refer to
http://kbase.gfi.com/showarticle.asp?id=KBID001770 for more
information.
2. Querying a DNS blacklist can be slow (depending on your
connection), so email can be slowed down a little bit, especially if
56  3BCustomizing GFI MailEssentials
Administration and configuration manual
multiple DNS blacklists are queried.
Configuring DNSBL
1. Select Anti-Spam ► DNS Blacklists ► Properties.
2. Check the Check whether the sending mail server is on one of
the following DNS Blacklists: checkbox.
3. Select the appropriate DNS blacklists to check incoming email
against and click the Test button to check if the selected blacklists are
available.
Screenshot 44 - Adding more DNS blacklists
4. If required, add more DNS Blacklists to the ones already listed by
clicking Add button and keying in the domain containing the DNSBL.
NOTE: The order of reference for an enabled DNS blacklist can be
changed by selecting a blacklist and clicking on the Up or Down
buttons.
5. Select the Block emails sent from dynamic IP addresses listed
on SORBS.net to enable GFI MailEssentials to detect spam sent from
botnet/zombies by looking up the incoming connection IP with known
Botnet/Zombie IP addresses in the Sorbs.net database.
6. Click Apply to save the configuration.
Screenshot 45 – Current Perimeter SMTP Server setup
7. If this computer is NOT your SMTP server a dialog box showing the
perimeter SMTP server settings that you have configured in GFI
MailEssentials (i.e. the IPs specified for your perimeter SMTP server)
is displayed.
Screenshot 46 - Reminder: SPF must be installed on the perimeter SMTP server.
Administration and configuration manual
3BCustomizing GFI MailEssentials  57
7. If this installation is on the SMTP server or if the mail server where
GFI MailEssentials is installed is not yet specified, a dialog box will
remind that this computer is not a perimeter server.
8. Click Actions or Other tab to select the actions to perform on
messages identified as spam. For information on the actions to
perform refer to the Spam Actions – What to do with spam email
section starting on page 66 in this manual.
9. Click OK to finalize your configuration.
4.2.10 Spam URI Realtime Blocklists (SURBL)
A Universal Resource Identifier (URI) is a standard means of
addressing resources on the Web. Common URIs such as Uniform
Resource Locators (URLs) and Uniform Resource Names (URNs) are
used to identify the destination of hypertext links as well as the
sources of images, information and other objects in a Web Page.
URLs are most generally used in websites but can also be included as
part of an email message body.
SURBLs differ from most other RBLs in that they are used to detect
spam based on message body URIs. Unlike most other RBLs,
SURBLs are not used to block spam senders. Instead, they enable
blocking of messages that have spam hosts (for example web servers,
domains, websites) which are mentioned in message bodies.
This filter is enabled by default on installing GFI MailEssentials.
Configuring SURBL
58  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 47 – Spam URI Realtime Blacklist properties
1. Select Anti-Spam ► Spam URI Realtime Blocklists ►
Properties.
2. From the Spam URI Realtime Blacklist tab:

Check/Uncheck the Check if mail message contains URIs with
domains that are in these blacklists: option to enable/disable
this feature.

From the available list select the blacklists used as reference when
checking messages using the SURBL feature.

Click Add button to add more SURBLs.
Test the connection to by clicking Test button and click Apply to save
settings.
NOTE 1: Specify the full name of the domain (for example
URIBL.com) containing the blacklist.
NOTE 2: Multi.surbl.org combines the following lists in a unique list:

sc.surbl.org

ws.surbl.org

phishing data source from mailsecurity.net.au

phishing data source from fraud.rhs.mailpolice.com

ob.surbl.org

ab.surbl.org

jp data source
Disable all other SURBL lists when enabling multi.surbl.org as this
might increase email processing time.
In case a high rate of false positives is experienced, it is suggested
that multi.surbl.org is disabled and the other SURBL lists are enabled.
For
more
information
http://www.surbl.org/lists.html.
on
SURBL
lists,
refer
to
5. Click Actions or Other tab to select the actions to perform on
messages identified as spam. For information on the actions to
perform refer to the Spam Actions – What to do with spam email
section starting on page 66 in this manual.
6. Click OK to finalize your configuration.
4.2.11 Header checking
The header checking filter analyses the individual fields in a header.
This method references SMTP and MIME fields where SMTP fields
are specified by the mail server and the MIME fields are specified by
the email client (which encodes the email to MIME).
Configuring Header Checking
1. Select Anti-Spam ► Header Checking ► Properties.
Administration and configuration manual
3BCustomizing GFI MailEssentials  59
Screenshot 48 - Header checking general tab
2. In the General and General Contd. tabs, enable, disable or
configure the following parameters:

Checks if the email header contains an empty MIME FROM
field: Checks if the sender has identified himself in the From: field.
If this field is empty, the message is marked as spam.

Checks if the email header contains a malformed MIME
FROM: field: Checks if the MIME from field is a correct notation (if
the header matches the RFC).

Maximum number of recipients allowed in email: Identifies
emails with large amounts of recipients and flags them as SPAM.

Marks email with different SMTP TO: and MIME TO: fields in
the email addresses as spam: Checks whether the SMTP to:
and MIME to: fields are the same. The spammers email server
always has to include an SMTP to: address. However, the MIME
to: email address is often not included or is different.
NOTE: This feature identifies a lot of spam, however some list
servers do not include the MIME to: either. It is therefore
recommended to whitelist newsletter sender address to use this
feature.

Check if email contains remote images only: Flag emails that
only have remote images and a minimal amount of text as spam.
Assists in identifying ‘image only email’ spam.

Verify if sender domain is valid: Performs a DNS lookup on the
domain in the MIME from field and verifies the domain validity.
60  3BCustomizing GFI MailEssentials
Administration and configuration manual
NOTE: Ensure that the DNS server is properly configured to avoid
timeouts and slow email flow. In addition, a lot of valid email can
be tagged as spam. Test your DNS server/services by clicking
Test button.

Maximum numbers allowed in MIME FROM: Identifies the
presence of more than 3 numbers in the MIME from as a spam
message. Spammers often use tools that automatically create
reply-to: addresses. Frequently they use 3 or more numbers in the
name to make sure the reply-to: is unique.

Checks if the email subject contains the first part of the
recipient email address: Identifies the personalized spam email,
where spammers frequently include the first part of the recipient
email address in the subject.
NOTE: Ensure that email addresses for which this check should
not be done is configured by clicking on the Except… button. This
enables generic email addresses to which customers reply with,
for example emails from [email protected] with a subject ‘Your
email to sales’, not to be marked as spam

Check if email contains encoded IP addresses: Checks the
message header and body for URLs which have a hex/octal
encoded IP (http://0072389472/hello.com) or which have a
username/password
combination
(for
example
[email protected]).
o

The following examples are flagged as spam:

http://12312

www.microsoft.com:hello%01@123123
Check if email contains embedded GIF images: Checks if the
email contains one or more embedded GIF images. Embedded
GIF images are often used to circumvent spam filters.
IMPORTANT: Since some legitimate emails contain embedded
GIF images, this option is prone to false positives.

Check if email contains attachment spam: Checks email
attachments for properties that are common to attachments sent in
spam email. This helps in keeping up with the latest techniques
used by spammers in using attachments to send spam.
Administration and configuration manual
3BCustomizing GFI MailEssentials  61
Screenshot 49 - Language detection
3. In the Languages tab, select the Block mails that use these
languages (character sets) option to block emails sent using
character sets which are not typical of the emails received (for
example Chinese or Vietnamese).
NOTE: This feature does not distinguish between languages with the
same character set (for example Italian and French).
4. Click Actions or Other tab to select the actions to perform on
messages identified as spam. For information on the actions to
perform refer to the Spam Actions – What to do with spam email
section starting on page 66 in this manual.
5. Click OK to finalize your configuration.
4.2.12 Keyword checking
Keyword checking enables the identification of spam messages based
on keywords in the email being received.
This filter is NOT enabled by default.
Configuring Keyword Checking
1. Select Anti-Spam ► Keyword Checking ► Properties.
62  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 50 – Anti-spam keyword checking properties
2. Choose Scan e-mail body for the following keywords or
combinations of keywords: checkbox to enable this feature.
3. Click Keyword button to enter keywords. If multiple words are
keyed in, then GFI MailEssentials will search for that phrase.

Example: For ‘Basketball sports’, GFI MailEssentials will check for
the phrase 'Basketball sports'. Only this phrase would activate the
rule, not the word basketball OR sports separated by some other
words.
Administration and configuration manual
3BCustomizing GFI MailEssentials  63
Screenshot 51 - Adding a condition
4. Add logical operators by clicking the Condition… button.
NOTE: Conditions are combinations of keywords using the operands
IF, AND, AND NOT, OR, OR NOT. Using conditions specify
combinations of words that must appear in the email.

Example: A condition ‘If Word1 AND Word2’ will check for Word1
and Word2. Both words would have to be present in the email to
activate the rule.
To add a condition, click the Condition… button.
5. Choose the Subject tab and check the Scan e-mail subject for
the following keywords or combinations of keywords checkbox.
Configure the words to check for in the subject of the message.

To enter single words or phrases without logical operators, click
the Keyword… button.

To enter keywords combined with logical operators click the
Condition… button.
6. Click Actions or Other tab to select the actions to perform on
messages identified as spam. For information on the actions to
perform refer to the Spam Actions – What to do with spam email
section starting on page 66 in this manual.
7. Click OK to finalize your configuration.
4.2.13 New Senders filter
The New Senders filter enables GFI MailEssentials to automatically
identify emails sent from senders to whom emails have never been
sent before. Such senders are identified by referencing the data
collected in the Whitelist.
Only emails in which no spam was detected and whose senders are
not present in any Whitelist are delivered in the New Senders folder.
Since such emails could also be sent from legitimate users, these are
collected in a dedicated folder. This makes these emails easily
identifiable. Subsequently, these can be reviewed emails and any
undetected spam added to the custom blacklist.
This filter is NOT enabled by default.
Important notes
1. Enable at least one of the available Whitelist to use the New
Senders function. In the absence of the Whitelist functions (should no
spam be detected by the other filters) received messages will be
delivered to the recipient’s inbox. ONLY emails in which no spam was
detected and whose senders are not present in the Whitelist are
delivered in the New Senders folder.
Configuring New Senders Filter
1. Select Anti-Spam ► New Senders ► Properties.
64  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 52 - New Senders properties
2. In the New Senders Properties tab, check the Enable New
Senders checkbox to enable the check for new senders on all
inbound messages and click on Apply button.
Administration and configuration manual
3BCustomizing GFI MailEssentials  65
Screenshot 53 - New Senders Exception setup
3. Select Exceptions tab and check the MIME TO exception list:
checkbox to configure local recipients whose emails are excluded
from the New Senders check.
4. Click on Add… button and key in the email address of the sender.

Example: [email protected].
Repeat for each address to add, and click Apply button to save.
NOTE: To temporarily disable your exception list, do not delete all
address entries made, but uncheck the MIME TO exception list:
checkbox.
5. Click Actions tab to select the actions to perform on messages
identified as spam. For information on the actions to perform refer to
the Spam Actions – What to do with spam email section in this
manual.
6. Click OK to finalize setup
4.2.14 Spam Actions – What to do with spam email
The Actions and the Other tabs in the Anti-Spam filter dialogs define
what should be done with emails marked as spam. Different actions
can be defined for each of the spam filters. This feature conveniently
enables the use of separate folders for storing spam detected by each
filter. This enables you to immediately identify why email was marked
as spam as well as make it easier to perform operations on emails
blocked by a particular filter.
66  3BCustomizing GFI MailEssentials
Administration and configuration manual

Example: Delete emails marked by the blacklist spam filter, but do
not delete emails marked as spam by the keyword checking filter.
NOTE: The options in the actions tab are identical for each spam filter
except for Whitelist (spam filters bypass) and New Senders (cannot
move spam to junk mail folder).
Configuring Spam Actions
Screenshot 54 - Configuring the action that should be taken
1. In the Actions tab, select an option that defines which action to
take on emails marked as spam:

Delete – Deletes email identified as spam.

Move to subfolder of user’s mailbox – Spam email is sent to a
set of subfolders in the user’s mailbox. A folder is created with the
name specified and all email marked as spam by the anti-spam
filter is sent to this folder. Users can periodically check email
marked as spam, and identify email that might have been wrongly
marked (false positives).
NOTE 1: Type inbox/junk mail for a custom junk mail folder to be
created in the inbox folder. If not, it will be created at the same
nesting level of the inbox folder. Through different folder names for
different filters, spam is automatically sorted to different folders
depending on which filter identified it as spam.
NOTE 2: This option requires:
Administration and configuration manual
3BCustomizing GFI MailEssentials  67

o
That GFI MailEssentials is installed on the Microsoft
Exchange Server machine,
o
That Active Directory mode is enabled
o
That Microsoft Exchange Server 2000/2003 or Microsoft
Exchange Server 2007 with the Mailbox Server Role is
present
Forward to email address – Send email tagged as spam to a
specific email address.
o
Example: An email address of a public folder. This way
someone can be assigned to periodically check email
marked as spam, and identify email that might have been
wrongly marked as spam. This feature can also be used to
fine tune spam filtering.
The subject of the email will be in the [recipient] [subject] format

Move to the specified folder – Saves email detected as spam to
the path specified,
o
Example: ‘C:\GFI MailEssentials\DetectedSpam’.
The file name of the saved email is in the following format:
[Sender_recipient_subject_number_.eml] (for example:
C:\Spam\[email protected][email protected]_MailOffers_1_.e
ml)

Tag Email with the following text – Tags spam email but does
not block or delete it. Also specify where to insert this tag by
selecting:
o
Prepend to subject – to insert the specified tag at the start
(i.e. as a prefix) of the email subject text.

o
Append to subject – to insert the specified tag at the end
(i.e. as a suffix) of the email subject text.

o
Example: ’[SPAM]Free Web Mail)’.
Example: ‘Free Web Mail[SPAM])’.
Add tag in a new X-header… - to add the specified tag as
a new X-header to the email. In this case, the X-Header will
have the following format :
X-GFIME-SPAM: [TAG TEXT]
X-GFIME-SPAM-REASON: [REASON]

Example:
X-GFIME-SPAM: [This is SPAM]
X-GFIME-SPAM-REASON:
[DNSBL
Check
failed – Sent from Blacklisted Domain]

Move to user’s junk mail folder - On Microsoft Exchange Server
2003 or Microsoft Exchange Server 2007 with the Mailbox Server
Role installed, GFI MailEssentials can tag spam in such a way that
Microsoft Outlook will sort the email to the user’s junk mail folder.
NOTE: It is recommended to use the move to users spam folder
feature instead, since this allows using a different folder name for
different filters. Spam email is then automatically sorted to a
different folder depending on which filter identified it as spam,
greatly easing the spam reviewing process.
68  3BCustomizing GFI MailEssentials
Administration and configuration manual
Other options
Screenshot 55 - The other actions tab
Select the Other tab, to specify a number of optional actions:

Log occurrence to this file - Log the spam email occurrence to a
log file of your choice.

Generate Non Delivery Report (NDR) - Create and send a fake
Non Delivery Report (NDR). This causes most bulk mailing
software to remove your address from their database. Can also be
used to notify sender that email has been considered as spam.
NOTE: To customize the fake NDR edit “ndr.xml” located in
MailEssentials\templates directory using notepad or any XML editor.
4.2.15 Anti-spam global actions
A lot of spam is sent to email addresses that no longer exist.
Generally, these emails are simply deleted however for
troubleshooting or evaluation purposes, you might want to move these
emails to a folder or forward them to a particular email address.
NOTE: This section applies only for installations on Microsoft
Exchange Server 2000/2003/2007 that have the Move to subfolder
of user’s mailbox enabled. Refer to the Spam Actions – What to do
with spam email section starting on page 66 in this manual for more
information on how to enable this feature.
On other servers, the anti-spam global actions tab will not appear.
Administration and configuration manual
3BCustomizing GFI MailEssentials  69
Configuring Anti-Spam Global Actions
1. Right click Anti-Spam node and select Properties.
Screenshot 56 - Global actions
2. Select Global Actions tab and choose whether to:

Delete the email

Forward it to an email address

Move it to a specified folder.
3. Select the Log occurrence to this file to log spam to a log file.
4.2.16 Sorting anti-spam filters by priority
In GFI MailEssentials, the order in which the anti-spam checks are
applied to inbound messages can also be customized.
NOTE: The order of all available filters can be customized except for
the New Senders filter, which is always automatically set to the lowest
priority. This is due to its dependency on the results of the Whitelist
checks and the other anti-spam filters.
70  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 57 – Assigning filter Priorities
1. Right click Anti-Spam node and select Order module priorities.
(up) button to assign a higher
2. Select a filter and click on the
priority to the selected filter or click on the
(down) button to assign
a lower priority to the selected filter.
NOTE: Click on the Default Settings button to restore the filter order
to the default order.
3. Click OK button to finalize your configuration. Changes take effect
immediately.
4.3 Disclaimers
Disclaimers are standard text added to the bottom or top of outbound
email for legal and/or marketing reasons. These assist companies in
protecting themselves from potential legal threats resulting from the
contents of an email and to add descriptions about the
products/services offered.
Important notes
1. Disclaimers are only added to outbound email.
2. Restart IIS services and GFI MailEssentials after disabling a
disclaimer for the changes to take effect.
4.3.1 Configuring disclaimers
1. Right click Email Management ► Disclaimers node and select
New ► Disclaimer.
Administration and configuration manual
3BCustomizing GFI MailEssentials  71
Screenshot 58 - Selecting a domain or user disclaimer
2. Select:

Domain - Choose the domain from the list of configured domains.
All emails sent from that domain will have the disclaimer added.

User - Specify a user or a group of users, to whom the disclaimer
will be added for outbound emails. If GFI MailEssentials is in
Active Directory mode, pick users or groups of users directly from
Active Directory; else specify the SMTP email address of the user.
Screenshot 59 - Adding a disclaimer
3. Select Top or Bottom option to configure if disclaimer should be
located at the top or bottom of the email.
72  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 60 - The HTML disclaimer editor
4. If required, click Edit HTML to bring up the HTML disclaimer editor
that enables you to specify different font styles.
For HTML disclaimers use the editor like a simple word processing
application. Insert variables using the Insert menu option. Variables
are replaced with the real recipient or sender name in the email.
Include the following fields in the disclaimer text:

[Date]

[Sender Name]

[Sender Email]

[Recipient Name]

[Recipient Email]
6. Click Close to add disclaimer.
Screenshot 61 - Including variables in your disclaimer
7. A text-based version of your disclaimer can also be included for use
in plain text only emails. Insert the text directly into the Text
Disclaimer edit field. Use the Variable… button to add variables.
NOTE: The recipient display name and email address variables will
only be replaced if the email is sent to a single recipient. If emails are
sent to multiple recipients, the variables are replaced with 'recipients'.
8. Import or export your disclaimer using the Import and Export
buttons and click OK to exit dialog.
The newly created disclaimer is displayed in the right pane of the GFI
MailEssentials configuration console. To give the new disclaimer a
more useful name, click on the disclaimer and press the F2 key.
4.3.2 Disabling and enabling disclaimers
By default new disclaimers are automatically enabled. To disable or
enable a disclaimer:
Administration and configuration manual
3BCustomizing GFI MailEssentials  73
1. Right click the disclaimer to disable.
2. Select Disable or Enable to perform the desired action.
4.4 Auto-replies
The Auto reply feature enables sending of automated replies to
specific inbound emails. A different auto reply for each email address
or subject can be specified. You can use variables in an auto reply to
personalize an email.
Important notes
1. Do not include any body text beyond 30-40 characters per line and
carriage returns. Some older mail servers truncate lines at 30-40
characters.
4.4.1 Configuring auto-replies
1. Right click Email management ► Auto-Replies node and select
New ► Auto-Reply.
Screenshot 62 - Creating a new auto reply
2. Key in the email address to configure an auto reply and click OK.

Example – If ‘[email protected]’ is provided, emails sent
to this email address will receive an auto reply.
74  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 63 - Auto-reply properties
3. Check the and subject contains checkbox to enable auto replies
for emails containing specific text in the subject field.
4. In the Auto Reply from: field, specify an email address in case
where an autoreply is required from a different email address other
than the email address to which the inbound email was addressed to.
5. In the Auto Reply subject field, specify the subject of the auto
reply email.
6. In the Auto Reply text edit box, specify the text to display in the
auto reply email.
NOTE: Import auto reply text from a text file via the Import… button.
Screenshot 64 - Variables dialog
7. Click on Variable… to personalize auto replies using variables.
Select variable field to insert and click OK. Available variables are:

Date Field - Inserts the email sent date.
Administration and configuration manual
3BCustomizing GFI MailEssentials  75

From Email Field - Insert sender email address.

From Name Field - Inserts the display name of the sender.

Subject Field - Inserts email subject.

To Email Field - Inserts the recipient’s email address.

To Name Field - Inserts the recipient’s display name.

Tracking Number - Inserts tracking number (if generated).
8. Click Add… and select any attachments to send with the auto reply
email. Remove attachments using the Remove button.
9. Select Include email sent option to quote the inbound email in auto
reply.
10. Select Generate tracking number in subject to enable the
generation of tracking numbers in the auto replies.
NOTE: This feature enables, for example, customers to reply quoting
a tracking number that enables staff to track emails in a more
coherent manner.
11. Click OK button to finalize settings.
By default, tracking numbers are generated using the following format:

ME_YYMMDD_nnnnnn
Where:

ME – GFI MailEssentials tag.

YYMMDD – Date in year, month and date format.

nnnnnn – automatically generated tracking number.
4.5 List servers
List servers enable the creation of two types of distributions lists:
1. A newsletter subscription list – Used for creating subscription
lists for company or product newsletters, to which users can either
subscribe or unsubscribe.
2. A discussion list – Enables groups of people to hold discussions
via email, with each member of the list receiving the email that a user
sends to it.
Prerequisites
1. Check whether MSMQ is installed and if not install it by following
the instructions listed in Appendix 2 - Installing MSMQ starting on
page 119 in this manual.
4.5.1 Creating a newsletter or discussion list
1. From the GFI MailEssentials configuration console, right-click Email
Management ► List Server node and select New ► Newsletter or
Discussion List.
76  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 65 - Creating a new newsletter list
2. In the List name: field, key in a name for the new list and select a
domain for the list (only if you have multiple domains). Click Next to
continue setup.
Administration and configuration manual
3BCustomizing GFI MailEssentials  77
Screenshot 66 - Specifying database backend
3. Select Microsoft Access or Microsoft SQL Server/MSDE as
database and from the Database type group select if GFI
MailEssentials should create a new database or connect to an existing
database. Click Next to continue.
NOTE 1: For small lists of up to 5000 members, you can use Microsoft
Access as a backend.
NOTE 2: To create a new database, select the Automatic option.
4. Configure the database type selected to store
newsletter/discussion subscribers list. The available options are:
Database type
the
Database settings
Microsoft Access with
Automatic option
Key in the location where the new database is
stored in the File edit box.
Microsoft Access with
Existing option
In the File field specify the path to your existing
Microsoft Access database that contains the
newsletter/discussion subscribers. From the Table
drop down list select the table where the
subscribers list is stored.
Microsoft SQL Server
with Automatic option
Specify SQL server name, logon credentials and
database used to store newsletter/discussion
subscribers list.
Microsoft SQL with
Existing option
Specify SQL server name, logon credentials and
select the database and table where subscribers
list is stored.
5. For all database types with the Automatic option, click Finish
button to end the wizard, or click Next to continue setup.
78  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 67 – Mapping custom fields
6. Select a variable from the Variables list and the corresponding
Database Field option and click Map Field button to Map the required
fields with the custom fields found in the database. Click Finish to
finalize your configuration. The fields to map are:

[FirstName_To] - Map to a string field containing the first name of
a subscriber.

[LastName_To] - Map to a string field containing the last name of
a subscriber.

[Company] - Map to a string field containing the company name of
a subscriber.

[Email_To] - Map to a string field containing the email address of
a subscriber.

[Unsubscribe] - Map to an integer (or Boolean) value field which
is used to define whether the user is subscribed to the list or not.
4.5.2 Configuring advanced newsletter/discussion list properties
After creating a new list, further options can be configured which
enable the customization of elements and behavior of the list. The
available options are:

Creation of a custom footer - Configure a custom HTML or text
footer. A footer will be added to each email.

Setting permissions to the list - Specify who can submit an email to
the list. If list is not secured, anybody can send an email to the
entire list by sending an email to the list address.
Administration and configuration manual
3BCustomizing GFI MailEssentials  79
NOTE: Permissions are not configurable for discussion lists.

Secure newsletter/discussion with a password - Set a password
which secures access to newsletter/discussion in case someone
else makes use of the email client or account details of a permitted
user.

Adding subscribers to the list – Add users to newsletters/
discussions without any action on their behalf.
Creating a custom footer for the list
Screenshot 68 – Newsletter footer properties
1. Right click the list to add a footer to and select Properties.
2. In the Footer tab, click Edit HTML to create an HTML footer.
NOTE: Use the footer to communicate how users can subscribe and
unsubscribe from the list.
Setting permissions to the list
NOTE: Permissions are not configurable for discussion lists.
1. Right click the list to set permissions for and select Properties.
80  3BCustomizing GFI MailEssentials
Administration and configuration manual
Screenshot 69 - Setting permissions to the newsletter
2. In the Permissions tab, click the Add button and specify the users
with permissions to submit an email to the list. Email addresses are
added to Email list.
3. Enable passwords by selecting the Password required: checkbox
and providing a password. For more information on how to use this
feature refer to the next section Securing newsletters with a password.
Securing newsletters with a password
NOTE: Discussion lists cannot be secured with passwords.
1. Right click the list to set permissions for and select Properties.
2. In the Permissions tab, select Password required: checkbox and
provide a password.
IMPORTANT: Users must authenticate themselves by including
the password in the email subject field on sending emails to the
newsletter. The password must be specified in the subject field
as follows:
[PASSWORD:<password>] <The Subject of the email!>

Example: [PASSWORD:letmepost]Special Offer.
If password is correct, list server will remove the password details
from the subject and relay on the email to the Newsletter.
Adding subscribers to the list
NOTE: It is highly recommended that users subscribe to the list, by
sending an email themselves to the subscribe newsletter/discussion
address. Adding users to lists without their explicit permission might
Administration and configuration manual
3BCustomizing GFI MailEssentials  81
generate spam complaints.
1. Right click the list to set permissions for and select Properties.
Screenshot 70 - Entering subscribers to the newsletter
2. In the Subscribers tab, click Add button.
3. Key in Email Address, First name, Last name and Company
fields and click OK button. The new subscriber email address will be
added to the Email list.
NOTE 1: First name, last name and company fields are optional.
NOTE 2: Select the user and click the Remove button to remove
subscribers from the list.
NOTE 3: To remove users from the subscription list table when
unsubscribing from the list (and not just flag them as unsubscribed)
select the Delete from database when user unsubscribes
checkbox.
4.5.3 Using newsletters/discussions
After creating a newsletter/discussion list, users must subscribe in
order to receive it. The actions which users can perform when using
newsletters/discussions are:

Sending a newsletter

Subscribing to a list

Completing the subscription process

Unsubscribing from the list
82  3BCustomizing GFI MailEssentials
Administration and configuration manual
Using newsletters

Subscribing to list – Ask users to send an email to
<newslettername>[email protected]

Completing the subscription process – Users first send a
subscription
request
to
<newslettername>[email protected]. On receiving the request, the list
server sends a confirmation email back. Users must confirm their
subscription via a reply email to be added as a subscriber.
NOTE: The confirmation email is a requirement and cannot be
turned off.

Sending a newsletter/discussion post - Members with
permissions to send email to the list are required to send the email
to the newsletter list mailing address:
<newslettername>@yourdomain.com

Unsubscribing from the list - To unsubscribe from the list, users
must send an email to:
<newslettername>[email protected]
Tip: To enable users to easily subscribe to newsletters, add a web
form asking for name and email address and direct output to:
<newslettername>[email protected]
4.5.4 Importing subscribers to the list / database structure
When a new newsletter or discussion list is created, the configuration
will create a table called 'listname_subscribers' with the following fields
as shown in the table below.
To import data into the list, ensure that the database is populated with
the correct data in the correct fields.
Field name
Type
Default
Value
Flags
Ls_id
Varchar(100)
Ls_first
Varchar(250)
First name
Ls_last
Varchar(250)
Last name
Ls_email
Varchar(250)
Email
Ls_unsubscribed
Int
ls_company
Varchar(250)
Administration and configuration manual
PK
Description
0
Subscriber ID
NOT NULL
Unsubscribe flag
Company name
3BCustomizing GFI MailEssentials  83
5 Miscellaneous
This section describes all the other features that fall outside the initial
configuration, daily management and customization of GFI
MailEssentials. These include:

Setting up POP3 and dialup downloading

Synchronizing configuration data

Selecting the server from where to download updates

Selecting the SMTP Virtual Server to bind GFI MailEssentials

Remote commands
5.1 Setting up POP3 and dialup downloading
Post office protocol (POP3 (RFC 1225)) is a client/server protocol for
storing email so that clients can connect to the POP3 server at any
time and read the email. A mail client will make a TCP/IP connection
with the server and by exchanging a series of commands, enable
users to read the email. All ISPs support POP3.
The recommendation for GFI MailEssentials is to, if possible, avoid
using POP3 and to use SMTP since this POP3 is designed for email
clients and not for mail servers. Notwithstanding this fact, and to cater
for situations where a static IP address used with SMTP is not
available, GFI MailEssentials can use POP3 to retrieve email.
5.1.1 Configuring the POP3 downloader
1. Select POP2exchange node and double click General item.
Administration and configuration manual
4BMiscellaneous  85
Screenshot 71 - The GFI MailEssentials pop3 downloader
2. In the POP3 tab, select Enable POP2Exchange checkbox to
enable POP3 downloader.
3. Click Add to add a POP3 mailbox from which to download email.
Screenshot 72 - Adding a POP3 mailbox
4. Key in the POP3 server details, mailbox login name and password
of the mailbox. Choose between:

86  4BMiscellaneous
Send mail to address stored in ‘To’ field - GFI MailEssentials
will analyze the email header and route the email accordingly. If
email analyzing fails, email is sent to the email address specified
in the alternate address field.
Administration and configuration manual

Send mail to alternate address: All email from this mailbox is
forwarded to one email address. Enter full SMTP address in the
‘Email address’ field.
o
Example: [email protected]
5. Provide the alternate address and click OK.
NOTE 1: When specifying the destination email address (the address
where GFI MailEssentials will forward the email to), ensure that you
have set up a corresponding SMTP address on your mail server.
NOTE 2: Multiple POP3 mailboxes can be configured.
6. In the POP2Exchange configuration dialog, configure other
available options:

Check every (minutes): Specify the download interval.

Do not download mail larger than (Kbytes): Specify a maximum
download size. If email exceeds this size, it will not be
downloaded.

If mail is larger, then: Choose to delete email larger than the
maximum allowed size, or send a message to the postmaster.
5.1.2 Configure dial up connection options
1. Select POP2exchange node and double click General item.
2. From the Dialup tab select Receive mails by Dial-Up or Dial on
Demand checkbox to enable dialup.
Screenshot 73 - Dial-up options
3. Select a dial-up networking profile and configure a login name and
password. The following options are available:

Use this Dial-Up Networking profile: Choose the Dial-up
Networking profile to use.

If not connected dial: GFI MailEssentials will only dial-up if there
is no connection.

Username: Enter the username used to logon to your ISP.
Administration and configuration manual
4BMiscellaneous  87

Password: Enter the password used to logon to your ISP.

Process only when already connected: GFI MailEssentials will
only process email if a connection already exists.

Dial on demand router: In case of an internet connection that is
automatically established (such as a dial on demand router) select
this option. GFI MailEssentials will pick up email at the specified
interval without triggering a dial-up connection.

Process every (minutes): Enter the interval at which GFI
MailEssentials must either dial-up or check if a connection already
exists (depends on whether you set GFI MailEssentials to dial-up
or to only process email when already connected).
Screenshot 74 - Configuring when GFI MailEssentials should pick up email
4. Click on Schedule and specify the hours when GFI MailEssentials
should dial-up to pick up email. A check mark indicates that GFI
MailEssentials will dial out. A cross indicates that GFI MailEssentials
will not dial out at this hour.
5. Click OK to finalize your configuration.
88  4BMiscellaneous
Administration and configuration manual
5.2 Email monitoring
Email monitoring enables the sending of copies of emails sent to or
from a particular local email address to another email address. This
enables the creation of central stores of email communications for
particular persons or departments.
This feature can also be used as a replacement for email archiving
since emails are automatically sent to Microsoft Exchange Server or
Microsoft Outlook store.
5.2.1 Enabling/Disabling email monitoring
1. Right click Email management ► Mail Monitoring and select
Properties.
Screenshot 75 - Enable or disable email monitoring
2. Enable/disable all inbound and outbound email monitoring rules by
checking/unchecking Enable Inbound Monitoring and Enable
Outbound Monitoring checkboxes.
3. Click OK button to save changes.
NOTE: Enable/disable individual email monitoring rules by right click
on the email monitoring rule and selecting Enable/Disable.
5.2.2 Configure email monitoring
1. Right click Email management ► Mail Monitoring node and
select New ► Inbound Mail Monitoring Rule or Outbound Mail
Monitoring Rule to monitor inbound or outbound email respectively.
Administration and configuration manual
4BMiscellaneous  89
Screenshot 76 – Add Mail Monitoring rule
2. Key in the destination email address/mailbox to copy the emails to.
Click OK to continue.
Screenshot 77 - Configuring email monitoring
3. Click sender and recipient Select buttons to specify which emails
this rule should monitor. Click the Add to add filters to the list. Repeat
to specify multiple filters. The following conditions can be monitored:
NOTE: To monitor all mail’ key in *@*.

All email sent by a particular user - Create outbound rule,
specify sender email or select user (if using AD) in the sender field
and key in *@* as the recipient’s domain.

All email sent to a particular user - Create inbound rule, specify
recipient email or select user (if using AD) in the recipient field and
specify *@* as the sender’s domain.

Mail sent by a particular user to an external recipient - Create
an outbound rule, specify sender or select user (if using AD) in the
sender field. Key in external recipient email in the recipient field.

Mail sent to a particular user by an external sender - Create an
inbound rule and specify external sender email in the sender field.
Key in the username or user email address in the recipient field.

Mail sent by a particular user to a company or domain - Create
an outbound rule and specify sender or select user (if using AD) in
the sender field. Specify the domain of the company in the
recipient field by selecting the domain via the recipient button.
90  4BMiscellaneous
Administration and configuration manual

Mail sent to a particular user by a company or domain - Create
an inbound rule and specify domain of the company in the sender
field. Select domain when clicking on the sender button and enter
username or user email address in the recipient field.
Screenshot 78 - Creating an exception
4. Select the Exceptions tab to add senders or recipients who will be
excluded from the new rule. The available options are:

Except if sender is - Excludes the specified sender from the list.

Except if recipient is - Excludes the specified recipient from the
list.
NOTE 1: When specifying exceptions for inbound monitoring rules,
the Sender list contains non-local email addresses and the Recipient
list addresses are all local. When specifying exceptions for an
outbound monitoring rule, the Sender list contains local email
addresses, whilst the Recipient list contains only non-local email
addresses.
NOTE 2: Both exception lists apply and all senders listed in the
sender exception list and all recipients listed in the recipient list will not
be monitored.
5. Click OK to finalize settings.
NOTE: New email monitoring can be renamed by clicking on the email
monitoring rule and pressing the F2 key.
Administration and configuration manual
4BMiscellaneous  91
5.3 Synchronizing configuration data
When GFI MailEssentials is installed on more than one server, it is
important to keep the anti-spam and configuration data synchronized
between servers so that email identified as spam on one server, would
be caught as spam on another server as well if it passes through it.
GFI MailEssentials automates this process through two features that
keep multiple GFI MailEssentials installations synchronized:

Anti-spam Synchronization Agent: This service takes care of
keeping anti-spam settings synchronized between GFI
MailEssentials installations using the Microsoft BITS service.
The Anti-Spam Synchronization Agent works as follows:
1. A server machine hosting GFI MailEssentials is configured as
the master server.
2. The other server machines, where GFI MailEssentials is
installed, are configured as slave servers.
3. The slave servers upload an archive file, containing the antispam settings, to an IIS virtual folder hosted on the master server
via the BITS service.
4. When the master server has collected all the slave servers antispam data, the data is extracted from the individual archives and
merged into a new up to date anti-spam settings archive file.
5. The slave servers download this updated anti-spam settings
archive file and take care of extracting it and updating the local
GFI MailEssentials installation to make use of the new settings.
NOTE 1: The servers that collaborate in the synchronization of
anti-spam settings must all have GFI MailEssentials 14 installed.
NOTE 2: The files uploaded and downloaded by the anti-spam
synchronization agent are compressed to limit the traffic on the
network.
Refer to the Anti-spam synchronization agent configuration section
on page 92 in this manual for detailed instructions on how to set
up the anti-spam synchronization agent.

GFI MailEssentials Configuration Export/Import Tool: This
application enables the export and import of all GFI MailEssentials
configuration settings and enables the configuration of a new GFI
MailEssentials installation with the same exact settings of an
already working GFI MailEssentials installation.
5.3.1 Anti-spam synchronization agent configuration
The Anti-Spam Synchronization Agent requires that the following
steps are followed in order:
Step 1: Configure the master server
Step 2: Install BITS Server Extension on the master server
Step 3: Configure slave server
5.3.2 Configuring the master server
92  4BMiscellaneous
Administration and configuration manual
Important notes
1. Only one server can be configured as master server at any one
time.
2. To configure a server as a master server, it must meet one of the
following system specifications:

Microsoft Windows Server 2003 with SP1 or later and IIS6.0 with
BITS server extension installed. (Further information on how to
install the BITS server extension is provided below)

Microsoft Windows 2000 with SP3 or later and IIS5.0 with BITS
server extension installed. (Further information on how to install
the BITS server extension is provided below)
NOTE: A Microsoft Windows XP machine cannot be configured as
master since Microsoft BITS server extension is not supported.
Master server configuration
1. Install the Microsoft BITS server extension. For further information
refer to the Installing BITS Server Extension on the master server
section on page 94 in this manual.
2. From the Administrative Tools group, load the Internet
Information Services (IIS) Manager console, right click on the
website of your choice and select New ► Virtual Directory from the
context menu.
3. Follow the Virtual Directory Creation Wizard steps and create the
new virtual directory.
NOTE: Ensure that only the Read and Write checkboxes are enabled
and that all other checkboxes are unchecked.
4. Right click new virtual directory and select Properties. Select
Directory Security tab and click Edit in the Authentication and
access control group.
5. Check Basic Authentication checkbox and specify Default
domain and Realm to which the username and password used for
authentication by the slave machines belong.
NOTE: Ensure that all other checkboxes are unchecked.
6. Click OK and close Authentication Methods dialog.
7. Access the BITS Server Extension tab and check Allow clients to
transfer data to this virtual directory checkbox.
8. Select Start ► GFI MailEssentials ► GFI MailEssentials AntiSpam
Synchronization
Agent,
right
click
Anti-Spam
Synchronization Agent ► Configuration node and select
Properties.
Administration and configuration manual
4BMiscellaneous  93
Screenshot 79 – Configuring a master server
9. From the Master tab check This GFI MailEssentials server is
also a master server checkbox and key in the full path of the folder
configured to hold the contents of the virtual directory.
10. Click Add button and enter the hostname of the slave server in the
Server edit box. Click OK to add it to the list. Repeat this step and add
all the other slave servers configured.
NOTE 1: Ensure that you configure all the machines you add to this
list as slave servers else the anti-spam synchronization agent on the
master server will never merge the data.
NOTE 2: A master server can also be a slave server at the same time.
In this case the server will merge its own anti-spam settings data to
the ones uploaded by the other slave servers. For this to work it is
required to add the master server hostname to the list of slave servers
as well. For more information, refer to the Configuring a slave server
section on page 95 in this manual.
11. If required, select a slave server from the list and click the Edit or
Delete button to edit or delete it.
12. Click the OK button to save the settings.
5.3.3 Installing BITS Server Extension on the master server
1. Download BITS v1.5 Server Component Microsoft and run it on the
master server from:
http://www.microsoft.com/downloads/details.aspx?FamilyID=1796784
8-be86-4cd6-891c-ec8241611ad4&displaylang=en
94  4BMiscellaneous
Administration and configuration manual
2. Follow BITS Server Setup Wizard instructions to finalize
installation.
3. From Control Panel load Add or Remove Programs and select
Add/Remove Windows Components tab.
4. From the Windows Components Wizard dialog, select
Application Server from the Components list and click Details.
4. From the Application Server dialog, select Internet Information
Services (IIS) in the Subcomponents of Application Server list and
click Details.
5. Check the Background Intelligent Transfer Service (BITS)
Server Extension checkbox from Subcomponents of Internet
Information Services (IIS) list and click OK button.
6. Click OK to close the Application Server dialog.
7. From the Windows Components Wizard dialog click Next button
to start the installation.
8. On completion click Finish to close the Windows Components
Wizard.
5.3.4 Configuring a slave server
Important notes
To configure a server as a slave server, it must meet one of the
following system specifications:

Microsoft Windows 2003 - It is recommend that you download the
BITS 2.0 client update from the following Microsoft link:
http://www.microsoft.com/downloads/details.aspx?familyid=3FD31F05D091-49B3-8A80-BF9B83261372&displaylang=en

Microsoft Windows 2000 with SP3 or later – You need to download
and install the BITS 2.0 client from the following Microsoft link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=3ee866a03a09-4fdf-8bdb-c906850ab9f2&DisplayLang=en

Microsoft Windows XP Professional – You need to download and
install the BITS 2.0 client from the following Microsoft link:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b93356b1ba43-480f-983d-eb19368f9047&DisplayLang=en
Slave server configuration
1. Click Start ► GFI MailEssentials ► GFI MailEssentials AntiSpam Synchronization Agent.
2. Right click Anti-Spam Synchronization Agent ► Configuration
node and select Properties.
Administration and configuration manual
4BMiscellaneous  95
Screenshot 80 – Configuring a slave server
3. From the Slave tab check This GFI MailEssentials server is a
slave server checkbox and specify the full URL to the virtual directory
hosted on the master server in the URL field.

Example: ‘http://master-domain.com/messas’
4. In the Port field specify the port used by the master server to
accept HTTP communications.
NOTE: By default it is set to port 80 which is the standard port used
for HTTP.
5. Check Credentials required checkbox and key in
username/password used to authenticate with the master server.
the
6. Select:

Manual - Upload and download the anti-spam settings archive file
manually. To upload the anti-spam settings of the slave server to
the master server click Upload now button. To download the
updated merged anti-spam settings from the master server, click
Download now button.
Screenshot 81 – Upload / download hourly interval setting
96  4BMiscellaneous
Administration and configuration manual

Automatic - Configures the anti-spam synchronization to occur
automatically. In the Upload every field specify the upload interval
in hours that determines how often the slave server will upload its
anti-spam settings to the master server. In the Download every
field specify the download interval in hours which determines how
often the slave server checks for updates on the master server
and downloads them.
NOTE: The hourly interval for upload and download cannot be set to
the same value. The hourly interval can be set to any value between 1
and 240 hours. It is recommended that the download interval is
configured to a smaller value than the upload interval and that the
same interval settings for all the slave servers are set for all slave
servers configured.

Example: If the download interval is set to 3 hours and the upload
interval is set to 4 hours. This way downloads are more frequent
than uploads.
7. Click the OK button to save the settings.
5.4 GFI MailEssentials Configuration Export/Import Tool
The Configuration export/import tool requires that the following steps
are followed in the order below:
Step 1: Export existing GFI MailEssentials configuration settings.
Step 2: Manually copy the exported settings to the machine where you
have recently installed GFI MailEssentials.
Step 3: Import settings to new GFI MailEssentials installation.
IMPORTANT: When importing settings, any GFI MailEssentials
installation settings on the target installation are overwritten.
5.4.1 Exporting GFI MailEssentials configuration settings
GFI MailEssentials provides two methods of exporting configuration
settings:

Via the GFI MailEssentials Configuration Export/Import tool user
interface.

Via the GFI MailEssentials Configuration Export/Import tool
command line tool
Exporting via User interface
1. Double click meconfigmgr.exe, located in the root folder of the GFI
MailEssentials installation.
Administration and configuration manual
4BMiscellaneous  97
Screenshot 82 – GFI MailEssentials Configuration Export/Import Tool
2. Click Export button. In the Browse for Folder dialog choose a
folder to export the GFI MailEssentials configuration settings and click
OK.
3. On completion, click the Exit button.
Exporting settings via the command line
1. From the command prompt, browse to the GFI MailEssentials
installation root folder.
2. Key in:
meconfigmgr
/export:”c:\MailEssentials
/verbose /replace
NOTE: Replace “C:\MailEssentials Settings” with
destination path.
Settings”
the
desired
Screenshot 83 - Exporting settings via command line

98  4BMiscellaneous
The /verbose switch instructs the tool to display progress while
Administration and configuration manual
copying the files.

The /replace switch instructs the tool to overwrite existing files in
the destination folder.
5.4.2 Importing GFI MailEssentials configuration settings
GFI MailEssentials provides two methods of importing configuration
settings:

Via the GFI MailEssentials Configuration Export/Import tool user
interface.

Via the GFI MailEssentials Configuration Export/Import tool
command line tool
Importing via user interface
1. Double click ‘meconfigmgr.exe’, located in the root folder of the GFI
MailEssentials installation.
2. Click Import button, choose the folder which contains the exported
GFI MailEssentials configuration settings and click OK.
3. On completion, click Exit button.
Importing via the command line
1. Stop IIS Admin and GFI MailEssentials Managed Attended services
by running ‘services.msc’ and stopping services.
2. From a command prompt, browse to the GFI MailEssentials
installation root folder.
3. Key in:
meconfigmgr
/import:”c:\MailEssentials
Settings”
/verbose /replace
Note: Replace “C:\MailEssentials Settings” with the desired source
path.
Screenshot 84 - Importing settings via command line

The /verbose switch instructs the tool to display progress while
copying files.

The /replace switch instructs the tool to overwrite existing files in
the destination folder.
5.5 Selecting the server from where to download updates
Administration and configuration manual
4BMiscellaneous  99
The updates server is the server GFI MailEssentials uses to check for
and download any Bayesian spam filter updates and Anti-Phishing
updates.
5.5.1 Selecting update servers
1. Right click General node, select Properties and click on Updates
tab.
Screenshot 85 - Selecting the updates server
2. Select an update server from the Preferred server list and click OK
button to finalize your configuration.
5.6 Selecting the SMTP Virtual Server to bind GFI MailEssentials
In case of multiple SMTP virtual servers, it might be required that GFI
MailEssentials is bound to new or different SMTP Virtual Servers.
NOTE: The SMTP Virtual Server Bindings tab is not displayed if you
installed GFI MailEssentials on a Microsoft Exchange Server 2007
machine.
5.6.1 Binding GFI MailEssentials to SMTP Virtual Servers
1. Right click General node, select Properties and click Bindings
tab.
100  4BMiscellaneous
Administration and configuration manual
Screenshot 86 - SMTP Virtual Server Bindings
2. From the SMTP virtual server name list, select the checkbox of
the SMTP Virtual Server to bind GFI MailEssentials to.
3. Click OK button to finalize setup.
NOTE: The GFI MailEssentials configuration will ask to restart
services such as the IIS SMTP Service for the new settings to take
effect. Click Yes button to restart services.
5.7 Remote commands
Remote commands facilitate adding domains or email addresses to
the spam blacklist, as well as update the Bayesian filter with spam or
ham (valid emails).
Remote commands work by sending an email to GFI MailEssentials.
Addressing
an
email
to
[email protected]
(configurable) will have GFI MailEssentials recognize the email as
containing remote commands and will process the commands.
With remote commands, the following tasks can be achieved:
1. Add Spam or ham to the Bayesian module.
2. Add keywords either to the subject keyword checking feature or to
the body keyword checking feature.
3. Add email addresses to the blacklist feature.
5.7.1 Configuring remote commands
Administration and configuration manual
4BMiscellaneous  101
Screenshot 87 - Remote commands configuration
1. Right click Anti-Spam, select Properties, click Remote
Commands tab and check the Enable remote commands checkbox.
2. Edit the email address to which the remote commands should be
sent.
NOTE: The email address should NOT be a local domain. It is
recommended using [email protected]. A mailbox for
the configured address does not need to exist, but the domain-part of
the address must consist of a real email address domain that returns a
positive result to an MX-record lookup via DNS.
3. Optionally, configure some basic security for the remote
commands:

Configure a shared password to include in the email. For more
information refer to Using remote commands section in this
manual.

Also configure which users are allowed to send emails with remote
commands.
NOTE: Users can fake this by faking the From address.
Passwords are sent as separate commands in following syntax:
PASSWORD: <shared password>;
5.7.2 Using remote commands
The remote commands must follow the following syntax:
102  4BMiscellaneous
Administration and configuration manual
<command> : <param1>, [ <param2>, <param3>, … ];
There can be more than one command in the body of an email with
each command separated by a semi-colon (;). Each command name
is case-sensitive and should be written in UPPER CASE. The
following commands are available:
NOTE: The robot can only add keywords, but not delete or modify
them. Conditions are not supported.
Available commands are:

ADDSUBJECT – Adds keywords specified to the subject keyword
checking database.
o

Example: ADDSUBJECT: sex, porn, spam;
ADDBODY – Adds keywords specified to the body keyword
checking database.
o
Example: ADDBODY: free, “100% free”, “absolutely free”;
NOTE: When configuring phrases other than a single words, enclose
phrases in double quotes (“ ”).
5.7.3 Blacklist commands
Using blacklist commands to add a single email address or an entire
domain to the custom blacklist.
Available commands are:

ADDBLIST: <email>;
o
Example: ADDBLIST: [email protected];
NOTE 1: Add an entire domain to the blacklist by specify a wildcard
before the domain

Example: ADDBLIST: *@domain.com.
NOTE 2: For security reasons, there can be only one ADDBLIST
command in an email, and only one address can be specified as the
command parameter. The parameter is either a user email or a
domain:

Example: [email protected] or *@spammers.org.
NOTE 3: Wildcards cannot be used in domain names.

Example: *@*.domain.com will be rejected as invalid.
5.7.4 Bayesian filter commands
Add spam email or valid email (ham) to the Bayesian filter database.
Available commands are:

ADDASSPAM – instructs Bayesian filter to classify email as spam.

ADDASGOODMAIL – instructs Bayesian filter to classify email as
HAM.
NOTE: These commands do not have parameters – the rest of the
email is the parameter.
Examples

Example 1 – Through this example, the user adds
[email protected] to the blacklist and add a few
Administration and configuration manual
4BMiscellaneous  103
keywords to subject keyword checking database.
Screenshot 88 - Adding an email address to the blacklist and keywords

Example 2 - The same command can be specified more then
once. (in this case ADDBODY). The result is cumulative, and in
this case the keywords added to the body checking database are:
sex, 100% free and instant money.
Screenshot 89 - Specifying the same commands more than once

104  4BMiscellaneous
Example 3: A spam email is added using the ADDASSPAM
command. A colon is not required for this type of command –
everything immediately after this command is treated as data.
Administration and configuration manual
Screenshot 90 - Adding spam to the Bayesian filter database

Example 4 - When Shared Password checkbox is unchecked,
remote commands can be sent without a password.
Screenshot 91 - Sending remote commands without security
5.7.5 Remote command logging
To keep track of changes made to the configuration database via
remote commands, each email with remote commands (even if the
email with remote commands was invalid) is saved under the
ADBRProcessed subfolder located in GFI MailEssentials root folder.
The file name of each email is formatted according to the following
format:

<sender_email_address>_SUCCESS_<timestamp>.eml
case of successful processing.

<sender_email_address>_FAILED_<timestamp>.eml – in case
Administration and configuration manual
–
in
4BMiscellaneous  105
of failure.
NOTE: Timestamp is formatted as yyyyddmmhhmmss.
106  4BMiscellaneous
Administration and configuration manual
6 Troubleshooting & support
6.1 Introduction
This chapter explains how to resolve GFI MailEssentials issues
encountered during installation. Use the following sources of
information in the order listed below:
1. This manual
2. The common issues sections below
3. GFI Knowledge Base articles
4. Common checks
5. Web forums
6. Contacting GFI Technical Support
6.2 User manual
Use the information in this user manual to get an understanding of
what might be causing any issues with your GFI MailEssentials
installation. The information sections together with the common issues
sections below will give you guidelines on what can be done to resolve
any issues that might be due to misconfigurations or human error.
6.3 Common issues
The common issues listed below will enable you to investigate
common issues encountered by users during their use of GFI
MailEssentials.
6.3.1 Managing Spam
Issue encountered
Administration and configuration manual
Solution
5BTroubleshooting & support  107
1. Dashboard shows no email is being
processed; Or:
Only inbound or outbound emails are
being processed
1. Ensure that GFI MailEssentials is not disabled from scanning
emails. For more information on how to start scanning refer to
Disabling/Enabling email scanning section in this manual.
2. Check for multiple Microsoft IIS SMTP virtual servers and ensure
that GFI MailEssentials is bound to the correct virtual server.
3. MX record for domain not configured correctly. Ensure that the
MX record points to the IP address of the server running GFI
MailEssentials
4. If inbound emails are passing through another gateway, ensure
that the mail server running on the other gateway forwards inbound
emails through GFI MailEssentials
5. Ensure that outbound emails are configured to route through GFI
MailEssentials. Refer to installation manual for more details.
6. Verify that the SMTP virtual server used by Microsoft Exchange
Server for outbound emails is the same SMTP server GFI
MailEssentials is bound to.
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID003286
2. After installing GFI MailEssentials,
some emails show a garbled message
body when viewed in Microsoft Outlook
or GFI MailArchiver
This problem occurs for emails that use one character set for the
message header and a different character set for the message
body. When such emails are processed by Microsoft Exchange
2003, the emails will be shown garbled in Microsoft Outlook and
GFI MailArchiver. Microsoft has released a hotfix to resolve this
issue.
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID003459 and
http://support.microsoft.com/kb/916299
6.3.2 Archiving and Reporting
Issue encountered
Solution
1. Emails tagged as spam are archived
1. Launch Rules Manager on the Microsoft Exchange machine by
double clicking on 'rulemgmt.exe' from the GFI MailEssentials
folder.
2. Enable the checkbox next to the name of the mailbox being
polled by GFI MailArchiver for archiving.
3. Click on Configure and ensure that the ‘Rule Condition’ and
‘Rule Action’ settings are correct. Click Apply.
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID002747
2. AWI cannot be accessed with “HTTP
Error 404 – File or directory not found”
message
By default Internet Information Services (IIS) disables dynamic
content. AWI requires this to be enabled, since data is dynamically
retrieved from the archive database.
1. Load IIS Manager, expand <Server Name> node ► Web
service extensions and right-click ‘Active Server Pages’.
2. Click Allow to set status to ‘Allowed’.
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID002963
3. Older data not available in database
when using Microsoft Access.
When the reports.mdb database exceeds 1.7Gb, the database is
automatically renamed to reports_<data>.mdb and a new
reports.mdb is created.
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID003422
6.3.3 Anti-Spam filters & actions
108  5BTroubleshooting & support
Administration and configuration manual
Issue encountered
Solution
1. SPAM is delivered to users mailbox
Follow the checklist below to solve this issue:
1. Check that GFI MailEssentials is not disabled from scanning
emails. Refer to Disabling/Enabling email scanning in this manual
for more information on how to start scanning.
2. Check if all required anti-spam filters are enabled
3. Check if local domains are configured correctly
4. Check if emails are passing through GFI MailEssentials or if GFI
MailEssentials is bound to the correct IIS SMTP Virtual Server
5. Check if '%TEMP%' location (which by default is the
‘C:\Windows\Temp’ folder) contains a lot of files
6. Check if the number of users using GFI MailEssentials exceeds
the number of purchased licenses
7. Check if whitelist is configured correctly
8. Check if actions are configured correctly
9. Check if Bayesian filter is configured correctly
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID003256
2. Custom blacklists and/or keyword
checking pages take long to load or
appear to hang
3.
SpamRazer
downloading
updates
not
Limit the amount of entries in the GFI MailEssentials lists to 10,000.
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID002915
http://kbase.gfi.com/showarticle.asp?id=KBID003267
and:
1. Ensure that your license key is valid.
2. Ensure that the required ports are open and that your firewall is
configured to allow connections from the GFI MailEssentials server
to connect to any proxy server as defined in your configuration.
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID002184
6.3.4 Disclaimers
Issue encountered
1. No disclaimers
outbound emails
are
added
Solution
to
Ensure that local domains are configured correctly. Refer to the
Getting Started guide for more information.
2. Some characters in disclaimer text
are not displayed correctly
Configure Microsoft Outlook not to use automatic encoding and
force GPO to use correct encoding.
For more information on how to solve this issue refer to:
http://office.microsoft.com/en-us/ork2003/HA011402641033.aspx
3. Disclaimer is being sent out even if
disabled.
Restart GFI MailEssentials and IIS services after disabling a
disclaimer for the changes to take effect.
6.3.5 Email monitoring
Issue encountered
Solution
1. Emails sent from certain users, or
sent to certain users are not monitored.
Email monitoring rules do not monitor emails sent from or to the
GFI MailEssentials administrator and the email address to which
the monitored emails are being sent to. Email monitoring rule also
not available for emails sent between internal users of the same
information store.
6.3.6 List Servers
Administration and configuration manual
5BTroubleshooting & support  109
Issue encountered
Solution
1. Emails sent to the list server are
converted to Plain Text
Emails sent to the List server are converted to plain text emails
only when the original format of the email is RTF. Send email in
HTML format to retain original format
2. Internal users receive a non-delivery
report when sending email to list server
when GFI MailEssentials is installed on
a Gateway machine
For more information on how to use the List Server feature if GFI
MailEssentials is installed on a gateway refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID002123
6.3.7 Miscellaneous
Issue encountered
Solution
1. Dashboard reports “Bad user or
password error occurred while trying to
connect to POP3 server..." error
Ensure that the Microsoft Exchange Information Store is started.
2. Clients connected to Microsoft
Exchange via POP3 are not able to
view mails blocked as SPAM
Connect to Microsoft Exchange using IMAP.
3. Auto updates fail however manual
download via the GFI MailEssentials
configuration works fine
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID001805
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID002644
Ensure that un-authenticated connections are allowed from the GFI
MailEssentials machine to http://update.gfi.com on port 80.
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID002116
4. Configuration
imported.
data
cannot
be
Ensure that the GFI MailEssentials version and build is identical
across both source and target installations .
For more information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID003182
5. Remote commands do not work
For information on how to solve this issue refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID001806
6.4 Knowledge Base
GFI maintains a comprehensive Knowledge Base repository, which
includes answers to the common user problems.
If the information in this manual does not help you solve your
installation problems, next refer to the Knowledge Base. The
Knowledge Base always has the most up-to-date listing of technical
support questions and patches. Access the Knowledge Base by
visiting:
http://kbase.gfi.com/
6.5 Common checks
If the information contained in this manual and the knowledge base
repository do not help you solve your problems:
1. Ensure that all service packs for your operating system, mail server
and GFI MailEssentials are installed.
2. Reinstall Microsoft Data Access Components (MDAC) to ensure its
correct operation.
110  5BTroubleshooting & support
Administration and configuration manual
6.6 Web Forum
User to user technical support is available via the GFI web forum.
After referring to the information in the user manual and in the
knowledge base, access the web forum by visiting:
http://forums.gfi.com/.
6.7 Request technical support
If none of the resources listed above assist you in solving your issues,
contact the GFI Technical Support team by filling in an online support
request form or by phone.

Online: Fill out the support request form and follow the
instructions on this page closely to submit your support request on:
http://support.gfi.com/supportrequestform.asp.

Phone: To obtain the correct technical support phone number for
your region please visit:
http://www.gfi.com/company/contact.htm.
NOTE: Before contacting GFI’s Technical Support, ensure to have
your Customer ID available. Your Customer ID is the online account
number that is assigned to you when you first register your license
keys in our Customer Area at:
http://customers.gfi.com.
GFI endeavors to answer your query within 24 hours or less,
depending on your time zone.
6.8 Build notifications
It is highly recommended that you subscribe to the build notifications
list so that you are immediately notified about any new product builds.
To
subscribe
to
our
build
notifications,
visit:
http://www.gfi.com/pages/productmailing.htm
6.9 Documentation
If this manual does not satisfy your expectations, or if you think that
this documentation can be improved in any way, let us know via email
on:
[email protected]
7 Appendix 1 – How does spam
filtering work?
Administration and configuration manual
6BAppendix 1 – How does spam filtering work?  111
7.1 Inbound mail filtering
Inbound mail filtering is the process through which incoming email are
filtered before delivery to users.
1. On establishing a connection, the
incoming email’s recipient email
address is checked and if it is not
found the connection is immediately
terminated. This is done through the
directory harvesting filter. If the
recipient email address is found, email
goes to next stage.
2. Next the email is checked to see if it
is addressed to a list server. If this is
the case the email is forwarded to the
list server; else it goes to the next
stage.
3. The incoming email is filtered using
all the spam filters. Any email which
fails a spam filter check is sent to the
anti spam email actions. If an email
goes through all the filters and is not
identified as spam, it then goes to the
next stage.
4. If configured, email is next archived
to the reporting database. The mail
goes to the next stage.
5. If configured, auto-replies are next
sent to the sender. Email goes to next
stage.
6. If configured, email monitoring is
next executed and the appropriate
actions taken. Email goes to the next
stage.
7. The new senders filter is now
executed. Email goes to the next
stage.
8. Email is sent to the user’s mailbox.
7.1.1 Inbound Email Domains
A very important concept within GFI MailEssentials is that of inbound
email domains. During its configuration, GFI MailEssentials will
automatically detect the domains on which you receive emails. This
enables it to distinguish between inbound and outbound emails and
therefore protect your network against spam. Inbound Email Domains
112  6BAppendix 1 – How does spam filtering work?
Administration and configuration manual
are also configurable after installation through the GFI MailEssentials
configuration console.
7.2 Outbound mail filtering
Outbound mail filtering is the process through which email sent by
users within a company is processed before it is sent out.
1. User creates and sends email.
2. Remote commands checks for any
remote commands in email and
executes them if found. If none are
found, email goes to the next stage.
3. Email is next checked to see if it
should be archived. If archiving is
enabled, email is saved in the reporting
database. In all cases email goes to the
next stage.
4. If configured, the applicable
disclaimer is next added to the email.
Once this is done, Email goes to the
next stage.
5. Email is checked for any email
monitoring which may apply and action
is taken according to any rules
configured. Email goes to the next
stage.
6. If enabled, the auto-whitelist check
adds the email recipient email address
to the whitelist. This automatically
enables replies from such recipients to
arrive back to the sender without
verification. After this check emails are
sent to the recipients.
The outbound email sequence of events is followed by all outbound
emails, except for outbound email processes initiated by the list
server. This feature enables the creation and routing of distribution
lists (newsletters and discussion lists) from GFI MailEssentials. In this
case emails are scanned for spam and automatically sent to
recipients.
Administration and configuration manual
6BAppendix 1 – How does spam filtering work?  113
8 Appendix 2 – Bayesian Filtering
The Bayesian filter is an anti-spam technology used within GFI
MailEssentials. It is an adaptive technique based on artificial
intelligence algorithms, hardened to withstand the widest range of
spamming techniques available today.
This chapter explains how the Bayesian filter works, how it can be
configured and how it can be trained.
NOTE: The Bayesian anti-spam filter is disabled by default. It is highly
recommended that you train the Bayesian filter before enabling it.
IMPORTANT: GFI MailEssentials must operate for at least one
week for the Bayesian filter to achieve its optimal performance.
This is required because the Bayesian filter acquires its highest
detection rate when it adapts to your email patterns.
How does the Bayesian spam filter work?
Bayesian filtering is based on the principle that most events are
dependent and that the probability of an event occurring in the future
can be inferred from the previous occurrences of that event.
NOTE: Refer to the links below for more information on the
mathematical basis of Bayesian filtering:
http://wwwccrma.stanford.edu/~jos/bayes/Bayesian_Parameter_Estimation.html
http://www.niedermayer.ca/papers/bayesian/bayes.html
This same technique is used by GFI MailEssentials to identify and
classify spam. The loci is that if a snippet of text frequently occurs in
spam emails but not in legitimate emails, it would be reasonable to
assume that this email is probably spam.
Creating a tailor-made Bayesian word database
Before Bayesian filtering is used, a database with words and tokens
(for example $ sign, IP addresses and domains, etc,) must be created.
This can be collected from a sample of spam email and valid email
(referred to as ‘ham’).
Administration and configuration manual
7BAppendix 2 – Bayesian Filtering  115
Figure 1 - Creating a word database for the filter
A probability value is then assigned to each word or token; this is
based on calculations that account for how often such word occurs in
spam as opposed to ham. This is done by analyzing the users'
outbound email and known spam: All the words and tokens in both
pools of email are analyzed to generate the probability that a particular
word points to the email being spam.
This probability is calculated as per following example:
If the word ‘mortgage’ occurs in 400 out of 3,000 spam emails and in 5
out of 300 legitimate emails then its spam probability would be 0.8889
(i.e. [400/3000] / [5/300 + 400/3000]).
Creating a custom ham email database
The analysis of ham email is performed on the company's email and
therefore is tailored to that particular company.

Example: A financial institution might use the word ‘mortgage’
many times and would get many false positives if using a general
anti-spam rule set. On the other hand, the Bayesian filter, if
tailored to your company through an initial training period, takes
note of the company's valid outbound email (and recognizes
‘mortgage’ as being frequently used in legitimate messages), it will
have a much better spam detection rate and a far lower false
positive rate.
Creating the Bayesian spam database
Besides ham email, the Bayesian filter also relies on a spam data file.
This spam data file must include a large sample of known spam. In
addition it must also constantly be updated with the latest spam by the
anti-spam software. This will ensure that the Bayesian filter is aware of
the latest spam trends, resulting in a high spam detection rate.
How is Bayesian filtering done?
Once the ham and spam databases have been created, the word
probabilities can be calculated and the filter is ready for use.
On arrival, the new email is broken down into words and the most
relevant words (those that are most significant in identifying whether
the email is spam or not) are identified. Using these words, the
116  7BAppendix 2 – Bayesian Filtering
Administration and configuration manual
Bayesian filter calculates the probability of the new message being
spam. If the probability is greater than a threshold, the message is
classified as spam.
NOTE: For more information on Bayesian Filtering and its advantages
refer to:
http://kbase.gfi.com/showarticle.asp?id=KBID001813
Administration and configuration manual
7BAppendix 2 – Bayesian Filtering  117
9 Appendix 3 - Installing MSMQ
9.1 Windows Server 2000
The message queuing service is a scalable system service developed
by Microsoft to enable high volume event processing. GFI
MailEssentials uses this service for the list server. The message
queuing service is included with every Windows 2000/2003 and XP
version, although not always installed by default.
To check whether MSMQ is installed and to install it if it is not:
1. Open the Windows Control Panel from the start menu, double-click
on Add/Remove Programs and then click on the Windows
Components tab to launch and display the Windows components
wizard. Now check if the 'Message Queuing Service' checkbox is
selected.
Screenshot 92 - The Windows components wizard
2. If the Message Queuing Services checkbox is not selected, you
need to install the Message Queuing Service. To do this, select the
checkbox and click Next. You need to have your Windows CD at
hand.
Administration and configuration manual
8BAppendix 3 - Installing MSMQ  119
Screenshot 93 - Selecting the Message Queuing type
3. You will now be asked to select what type of queue to install. Click
on Independent client and then click Next.
Screenshot 94 - Message queue will not access a directory service
4. After you select independent, you will be asked if the Message
Queue will be connecting to a directory service. Click on the Message
Queuing Service will not access a directory service option and
then click Next. The Message Queuing Service will now be installed.
9.2 Windows Server 2003
120  8BAppendix 3 - Installing MSMQ
Administration and configuration manual
The message queuing service is a scalable system service developed
by Microsoft to enable high volume event processing. GFI
MailEssentials uses this service for the list server. The message
queuing service is included with every Windows 2000/2003 and XP
version, although not always installed by default.
To check whether MSMQ is installed and to install it if it is not:
1. Open the Windows Control Panel from the start menu, double-click
on Add/Remove Programs and then click on the Windows
Components tab to launch and display the Windows components
wizard.
2. Click on Application Server and then click Details.
Screenshot 95 - Windows Components Wizard
3. If the Message Queuing checkbox is selected it means the service
is already installed and you can thus skip the rest of this section. If it is
not, then you need to follow the rest of the steps below to install the
message queuing service. In the Application Server dialog click on
Message Queuing and then click Details.
Administration and configuration manual
8BAppendix 3 - Installing MSMQ  121
Screenshot 96 - Message queuing component
4. In the Message Queuing dialog select the Core functionality
checkbox and then click OK.
Screenshot 97 - MSMQ Core functionality
5. In the Application Server dialog click OK and then click Next in
the Windows Components Wizard window to start installing the
message queuing service.
122  8BAppendix 3 - Installing MSMQ
Administration and configuration manual
Screenshot 98 - Installing the Message queuing service
6. When the installation of the message queuing service is complete,
you need to click Finish in the Windows Components Wizard. The
Message Queuing Service is now installed.
9.3 Windows Server 2008
For detailed instructions on how to install MSMQ on Windows Server
2008 refer to:
http://technet.microsoft.com/en-us/library/cc730960.aspx
Administration and configuration manual
8BAppendix 3 - Installing MSMQ  123
10 Glossary
Active Directory
A technology that provides a variety of network
services, including LDAP-like directory services.
AD
See Active Directory
Auto-reply
An email reply that is sent automatically to incoming
emails.
Bayesian Filtering
An anti-spam technique where a statistical
probability index based on training from users is
used to identify spam.
Background
Intelligent Transfer
Service
A component of Microsoft Windows operating
systems that facilitates transfer of files between
systems using idle network bandwidth.
BITS
See Background Intelligent Transfer Service
Blacklist
A list of email users or domains from whom email is
not to be received by users
Botnet
Malicious software that runs autonomously and
automatically and is controlled by a hacker/cracker.
Demilitarized Zone
A section of a network that is not part of the internal
network and is not directly part of the Internet. Its
purpose typically is to act as a gateway between
internal networks and the internet.
Disclaimer
A statement intended to identify or limit the range of
rights and obligations for email recipients
Domain Name
System
A database used by TCP/IP networks that enables
the translation of hostnames into IP numbers and to
provide other domain related information.
DMZ
See Demilitarized Zone
DNS
See Domain Name System
DNS MX
See Mail Exchange
Email monitoring
rules
Rules which enable the replication of emails
between email addresses.
False positives
An incorrect result that identifies an email as spam
when in fact it is not.
Ham
Legitimate e-mail
Administration and configuration manual
9BGlossary  125
IIS
See Internet Information Services
Internet Information
Services
A set of Internet-based services created by Microsoft
Corporation for internet servers.
IMAP
See Internet Message Access Protocol
Internet Message
Access Protocol
One of the two most commonly used Internet
standard protocols for e-mail retrieval, the other
being POP3.
LDAP
See Lightweight Directory Access Protocol
Lightweight Directory
Access Protocol
An application protocol used to query and modify
directory services running over TCP/IP
List servers
A special use of e-mail systems that allows for
widespread distribution of emails to multiple email
users through discussion lists or newsletters.
Mail Exchange
A record used by DNS to provide the names of other
entities to which the mail should be sent.
MAPI
See Messaging Application Programming Interface
MDAC
See Microsoft Data Access Components
Messaging
Application
Programming
Interface
A messaging architecture and a Component Object
Model based API for Microsoft Windows.
Microsoft Message
Queuing Services
A message queue implementation for Windows
Server operating systems.
Microsoft Data
Access Components
A Microsoft technology that gives developers a
homogeneous and consistent way of developing
software that can access almost any data store.
MIME
See Multipurpose Internet Mail Extensions
MSMQ
See Microsoft Message Queuing Services
Multipurpose Internet
Mail Extensions
A standard that extends the format of e-mail to
support text other than ASCII, non-text attachments,
message bodies with multiple parts and header
information in non-ASCII character sets.
NDR
See Non Delivery Report
Non Delivery Report
An automated electronic mail message sent to the
sender on an email delivery problem.
Perimeter
server/gateway
The computer (server) in a LAN that is directly
connected to an external network. In GFI
MailEssentials perimeter gateway refers to the email
servers within the company that first receive email
from external domains.
126  9BGlossary
Administration and configuration manual
phishing
The process of acquiring sensitive personal
information with the aim of defrauding individuals,
typically through the use of fake communications
POP2Exchange
A system that collects email messages from POP3
mailboxes and routes them to mail server.
POP3
See Post Office Protocol ver.3
Post Office Protocol
ver.3
A protocol used by local email clients to retrieve
emails from mailboxes over a TCP/IP connection.
Public folder
A common folder that allows Microsoft Exchange
user to share information.
RBL
See Realtime Blocklist
Realtime Blocklist
Online databases of spam IP addresses. Incoming
emails are compared to these lists to determine if
they are originating from blacklisted users.
Remote commands
Instructions that facilitate the possibility of executing
tasks remotely.
Secure Sockets
Layer
A protocol to ensure an integral and secure
communication between networks.
Simple Mail
Transport Protocol
An internet standard used for email transmission
across IP networks.
SMTP
See Simple Mail Transport Protocol
Spam actions
Actions taken on spam emails received, e.g. delete
email or send to Junk email folder.
SSL
See Secure Sockets Layer
WebDAV
A HTTP extensions database that enables users to
manage files remotely and interactively. Used for
managing emails in the mailbox and in the public
folder in Microsoft Exchange.
Whitelist
A list of email addresses and domains from which
emails are always received
Zombie
See Botnet
Administration and configuration manual
9BGlossary  127
11 Index
A
G
Anti-spam global actions, 72
GFI MailEssentials reporter, 24
Auto-replies, 76
AWI access, 19
B
Bayesian, 1, 56, 57, 58, 101, 103,
105, 106, 110, 116, 117, 118,
124
blacklist, 1, 3, 7, 14, 37, 55, 56,
58, 59, 61, 66, 69, 103, 104,
105
Blacklist, 55, 60, 104, 124
H
ham, 14, 50, 56, 57, 103, 105,
116, 117
Header checking, 62
Hiding user posts, 10
I
IIS SMTP, 32, 33, 35, 102, 109,
110
IMAP, 8, 111, 125
C
configuration data, 86, 93
Configuration Export/Import Tool,
93, 98, 99
Custom blacklists, 110
custom footer, 81, 82
inbound email domains, 35, 36,
114
Inbound mail filtering, 113
Internal email, 19
K
Keyword checking, 64
D
Dashboard, 14, 15, 109, 111
dialup downloading, 15, 86
Directory harvesting, 52
Directory Harvesting, 52, 53, 54
Disclaimers, 73, 74
discussion list, 14, 78, 81, 84,
85
L
legitimate email, 13, 14, 46, 56,
57, 58
list server., 114
List servers, 78, 125
Lotus Domino, 10, 11
DMZ, 8, 53, 124
M
DNS blacklists, 58, 59
MAPI, 8, 125
DNSBL, 58, 59, 71
Microsoft Exchange 2000/2003,
32
E
email archiving, 19, 90
Microsoft Exchange 2007, 8, 9
MSMQ, 78, 119, 121, 122, 123,
125
Email monitoring, 1, 90, 110, 124
email routing, 4, 5, 35
N
email scanning, 32, 33
New Senders filter, 66, 73
Administration and configuration manual
9BGlossary  129
newsletter, 63, 78, 79, 80, 81,
83, 84, 85
O
Outbound mail filtering, 114
SMTP Virtual Server, 86, 102
Spam Actions, 4, 5, 38, 40, 42,
47, 51, 54, 56, 58, 60, 61, 64,
66, 68, 69
spam database, 14, 58, 117
Spam digests, 15
P
Spam review, 13
P2E Logging, 15
Spam URI Realtime Blocklists,
60, 61
Phishing URI Realtime Blocklist,
40, 41
SpamRazer, 5, 38, 39
POP3, 1, 15, 86, 87, 88, 111,
125, 126
public folder scanning, 7, 14
SPF, 42, 43, 44, 45, 46, 59
Statistics, 15, 25
SURBL, 60, 61
Public folder scanning, 7, 8, 10
PURBL, 40, 42
T
Troubleshooting, 108
R
Remote commands, 86, 103, 111,
126
U
Reports, 24, 25
updates, 38, 39, 42, 58, 86, 98,
101, 111
S
W
Sender Policy Framework, 42, 43
WebDAV, 8, 126
SMTP Server, 45, 59
Whitelist, 46, 47, 48, 49, 50, 51,
66, 73, 126
130  9BGlossary
Administration and configuration manual